Analysis
max time kernel: 103s
max time network: 105s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/07/2024, 22:53
Static task: static1
Behavioral task: behavioral1
  Sample: 245f5fed0cede37fba16c284a13011b0N.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 245f5fed0cede37fba16c284a13011b0N.exe
  Resource: win10v2004-20240704-en
General
Target: 245f5fed0cede37fba16c284a13011b0N.exe
Size: 203KB
MD5: 245f5fed0cede37fba16c284a13011b0
SHA1: b1bf02ca78ec6d3e4f404fae15534594ac6fb8da
SHA256: 181039fc7317aab1e88c6fba9dd09af486914fb934c85dbb4409f6c5627a7213
SHA512: 4e1e2c2e45bb30e45b2e383c861bfd7bf441ed37e7c4f1b9d16cd2d9f5f8e3dfd1047ffc8faa4e4cc117f26fd0966d10bc83e0753b7a533aa6836774a082e9c1
SSDEEP: 6144:0dlPOMcRvqbjCBwnKQvyaPhNDH12888xSWG1B78:0dlHglwnKgycNb1k8xRG1BA
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  848   245f5fed0cede37fba16c284a13011b0N.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  848   245f5fed0cede37fba16c284a13011b0N.exe
Program crash (2 IoCs)
  pid    pid_target   Process        procid_target
  2856   2320         WerFault.exe   82
  1712   848          WerFault.exe   90
Suspicious behavior: RenamesItself (1 IoCs)
  pid    Process
  2320   245f5fed0cede37fba16c284a13011b0N.exe
Suspicious use of UnmapMainImage (1 IoCs)
  pid   Process
  848   245f5fed0cede37fba16c284a13011b0N.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid    Process                                 procid_target
  PID 2320 wrote to memory of 848   2320   245f5fed0cede37fba16c284a13011b0N.exe   90
  PID 2320 wrote to memory of 848   2320   245f5fed0cede37fba16c284a13011b0N.exe   90
  PID 2320 wrote to memory of 848   2320   245f5fed0cede37fba16c284a13011b0N.exe   90
Processes
C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe (PID 2320)
  command line: "C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe (PID 2856)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 396
    - Program crash
  C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe (PID 848)
    command line: C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    C:\Windows\SysWOW64\WerFault.exe (PID 1712)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 364
      - Program crash
C:\Windows\SysWOW64\WerFault.exe (PID 5088)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2320 -ip 2320
C:\Windows\SysWOW64\WerFault.exe (PID 972)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 848 -ip 848
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 203KB
MD5: 439d734d783c1ef3cf1ba994a2bdf375
SHA1: eaa574910cc61b90895d0108b444829eb1789cbe
SHA256: fa50baa70d748ec719e51ae3905ed85621841ccf7263c2bd518190769fe2521f
SHA512: fa1fa4b9fe1a23fd02736725a6dfd45977196d4ea78e015f2fe7c6a1a8749cebbd992ee9ebd5b288ed60aa250a1135f1fcc41b08402c7092fb7b82c7392b4279