Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

deb0299f10...0N.exe

windows7-x64

7

deb0299f10...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    deb0299f10c1c5bc231249190e559300N.exe

  • Size

    2.3MB

  • MD5

    deb0299f10c1c5bc231249190e559300

  • SHA1

    83db4e7bfd398e9e778742a4cf98cb565e7b16e1

  • SHA256

    01001674575a869cbeb9a9063aae82184d1621b49a34a4435600c6987ff104a0

  • SHA512

    51bb77547f35b7f29934f3611e6f0dcccdff1999eced39a42188653de507b20aebff99269c21045057c0f5e9023b90860603573637bad1f43865fc5fe15a419f

  • SSDEEP

    24576:6mrMjCIi2GVa/ZSkJovBYLYsSwdaJ+4h99Fm+ci2a/ZSrJovBY:6mraig+h7Q+F2g

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\deb0299f10c1c5bc231249190e559300N.exe
    "C:\Users\Admin\AppData\Local\Temp\deb0299f10c1c5bc231249190e559300N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 344
      2⤵
      • Program crash
      PID:3092
    • C:\Users\Admin\AppData\Local\Temp\deb0299f10c1c5bc231249190e559300N.exe
      C:\Users\Admin\AppData\Local\Temp\deb0299f10c1c5bc231249190e559300N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 344
        3⤵
        • Program crash
        PID:1804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 380
        3⤵
        • Program crash
        PID:2432
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4760 -ip 4760
    1⤵
      PID:2672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 556 -ip 556
      1⤵
        PID:2228
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 556 -ip 556
        1⤵
          PID:3864

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\deb0299f10c1c5bc231249190e559300N.exe
          Filesize

          2.3MB

          MD5

          1faf637163397a940780d56382315d4d

          SHA1

          b2245c02a1a52113747357575c335ab824e060f5

          SHA256

          cfa69c5c40ddca6bf454ff3ea047768859d6b78e519c3a5868df4863115fd906

          SHA512

          7ca4b2f1ccce0b65b07380a0c6e03a067be6a7bad26b5b84cd0a45f2d92b821a6d25b3fcafff6153472178ec796c285798092b41d2a815ffce27b17409b85776

          Download Submit

        • memory/556-7-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/556-8-0x0000000004FE0000-0x00000000050CD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/556-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/4760-0-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4760-6-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download