Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
112s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
14/08/2024, 14:13
General
-
Target
97e4a4608603f4820a7febbcadd46800N.exe
-
Size
534KB
-
MD5
97e4a4608603f4820a7febbcadd46800
-
SHA1
7b7a660383ecd78d95641e6d5d296afb7a2b3371
-
SHA256
ab8e6d3f8b80ec5370aac106d92edc0721c3796d8f0d3a165bdbf214603535ec
-
SHA512
b59b747d9d92ced6bc15d89e0057cf37a44e132f572969144f78585c892c9157e18a545b1ccfcc96150ae2b6beaff333340d70cdfe65ea6521021f59144d21d1
-
SSDEEP
6144:Q+r3ULOJQSfbzTRk5DJqj2uUZARL1MkK+u/HFPbCsAl:3r3ULO2IiS37YcsAl
Score
4/10
Malware Config
Signatures
-
Drops file in Program Files directory 5 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 1562⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
572KB