Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

b601ecf579...d9.exe

windows7-x64

1

b601ecf579...d9.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b601ecf5790e99428832c5f6cd736866ee204b143fd7e4ae4e977c9a74facad9.exe

  • Size

    284KB

  • MD5

    69096a75af73614090d2731adbc7fee3

  • SHA1

    ac966e235442d3170998e4c24587eedd62ec7fed

  • SHA256

    b601ecf5790e99428832c5f6cd736866ee204b143fd7e4ae4e977c9a74facad9

  • SHA512

    8f956f9099c4a7bbd588c4fd7cf3106e11e8aeb126e3e3034517c18af5ca26dc70f69f9ebe0556a65b73921850a3c85644d9855006097dae4db8605c0f67764a

  • SSDEEP

    3072:NedHlD0x+BCBodxLqxnU7uqGPXy6Zs8YhSPpxXQ9J0vNC3:Nergx+BAojLqxcuFTO8cSP7gE1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b601ecf5790e99428832c5f6cd736866ee204b143fd7e4ae4e977c9a74facad9.exe
    "C:\Users\Admin\AppData\Local\Temp\b601ecf5790e99428832c5f6cd736866ee204b143fd7e4ae4e977c9a74facad9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2052 -s 32
      2⤵
        PID:2516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2052-0-0x0000000000400000-0x000000000045D000-memory.dmp

      Filesize

      372KB

      Download

    • memory/2052-1-0x0000000000400000-0x000000000045D000-memory.dmp

      Filesize

      372KB

      Download

    • memory/2052-2-0x0000000000400000-0x000000000045D000-memory.dmp

      Filesize

      372KB

      Download