Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 17:00

General

  • Target

    3848e4539cfa567955ee4cffd6ad22e250afb44728a86550d264dd197ffac402.exe

  • Size

    1.2MB

  • MD5

    56dbc4367833434be158a1a0cebbd1a9

  • SHA1

    9097801ea095f4b4afc15497d9370d3c8a5c913b

  • SHA256

    3848e4539cfa567955ee4cffd6ad22e250afb44728a86550d264dd197ffac402

  • SHA512

    c216c2ed433994fd1a7759a90dd3464d266014dd5efdc2da30f267ced8d393c17c9f93f425c27a4b76655a1abb34393f0b4fd9d7c8d4efca527c28ce99623a75

  • SSDEEP

    24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8aBsjPz4CXMD:RTvC/MTQYxsWR7aBsjP

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3848e4539cfa567955ee4cffd6ad22e250afb44728a86550d264dd197ffac402.exe
    "C:\Users\Admin\AppData\Local\Temp\3848e4539cfa567955ee4cffd6ad22e250afb44728a86550d264dd197ffac402.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\3848e4539cfa567955ee4cffd6ad22e250afb44728a86550d264dd197ffac402.exe"
      2⤵
        PID:2300
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 736
        2⤵
        • Program crash
        PID:2084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4424 -ip 4424
      1⤵
        PID:1484

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\autBF68.tmp

        Filesize

        280KB

        MD5

        b6d48637d1736c2f8f616a9c6f7551a5

        SHA1

        0808f51721d3421dd2e82d6c6f493635faf65499

        SHA256

        9ac40f84820e94850d21aa67c374c765a6a0958f9d6397b2b0beef59aedeb6be

        SHA512

        d43d19b23bdcc3cffe7e4837c3b82ec3da2900356ac0339e1bb1002be77e62429e120da6b1f4f110feca1da863d6124ffd4d62675c316d09fabc8f4353ac0e86

      • memory/4424-13-0x00000000020C0000-0x00000000020C4000-memory.dmp

        Filesize

        16KB