Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

71715bd5a7...0N.exe

windows7-x64

7

71715bd5a7...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    102s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 08:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    71715bd5a7b3e0f205a48191c6e96c30N.exe

  • Size

    1.3MB

  • MD5

    71715bd5a7b3e0f205a48191c6e96c30

  • SHA1

    546e19172691ca8e6a0105b00e636a6280e6a5b4

  • SHA256

    bcf6163f18f622abb0d947a6f168fd9c9365a0c48a91969f2cc60c7d3e3c23e5

  • SHA512

    579bf8d135d68169d7e89116b43714345d175075b1fb56bf08737d3ce0237cdc0eb85faaad1d8be54bc696112340af79b63cc26d596309f52483f45baaf2f5f4

  • SSDEEP

    24576:D88nWu4F9ISOa7NqiswdtGZWUUW59QiXza/ZSjXuF77Lv+f6T8Qnskb2i6OBKaBp:Db0ZJ+ZHqKgGXuFbq4TT+E

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Program crash 15 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 344
      2⤵
      • Program crash
      PID:3376
    • C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
      C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:2032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 344
        3⤵
        • Program crash
        PID:1532
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 628
        3⤵
        • Program crash
        PID:3276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 668
        3⤵
        • Program crash
        PID:1448
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 628
        3⤵
        • Program crash
        PID:400
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 720
        3⤵
        • Program crash
        PID:4192
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 960
        3⤵
        • Program crash
        PID:3872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1408
        3⤵
        • Program crash
        PID:2632
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1464
        3⤵
        • Program crash
        PID:1400
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1480
        3⤵
        • Program crash
        PID:3444
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1468
        3⤵
        • Program crash
        PID:4480
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1432
        3⤵
        • Program crash
        PID:4000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1492
        3⤵
        • Program crash
        PID:4500
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1732
        3⤵
        • Program crash
        PID:3940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 1516
        3⤵
        • Program crash
        PID:4732
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4612 -ip 4612
    1⤵
      PID:1596
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2032 -ip 2032
      1⤵
        PID:3080
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2032 -ip 2032
        1⤵
          PID:884
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2032 -ip 2032
          1⤵
            PID:3688
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2032 -ip 2032
            1⤵
              PID:3876
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2032 -ip 2032
              1⤵
                PID:392
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2032 -ip 2032
                1⤵
                  PID:1440
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2032 -ip 2032
                  1⤵
                    PID:968
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2032 -ip 2032
                    1⤵
                      PID:5048
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2032 -ip 2032
                      1⤵
                        PID:2640
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2032 -ip 2032
                        1⤵
                          PID:4920
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2032 -ip 2032
                          1⤵
                            PID:856
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2032 -ip 2032
                            1⤵
                              PID:2704
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2032 -ip 2032
                              1⤵
                                PID:4040
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2032 -ip 2032
                                1⤵
                                  PID:3652

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
                                  Filesize

                                  1.3MB

                                  MD5

                                  fb9d21c7630d42c3351c5ba3dd20077c

                                  SHA1

                                  92698e9b24cf7d65b19f2b047d5b6af58e49a9c7

                                  SHA256

                                  223dbbd62b35c712ccff2f518376d16970e6b4982e6605885e59d0ec5626da90

                                  SHA512

                                  2c8126f08e9453438d5a862ba6cfac4ba719cd32252b5ecdee1269e33661d4779de5b71947ec0b7b309775c5bd8499e71ec9a76bb9ba77e359826788227b8907

                                  Download Submit

                                • memory/2032-7-0x0000000000400000-0x00000000004EF000-memory.dmp

                                  Filesize

                                  956KB

                                  Download

                                • memory/2032-8-0x0000000005080000-0x000000000516F000-memory.dmp

                                  Filesize

                                  956KB

                                  Download

                                • memory/2032-10-0x0000000000400000-0x00000000004A3000-memory.dmp

                                  Filesize

                                  652KB

                                  Download

                                • memory/2032-21-0x0000000000400000-0x0000000000443000-memory.dmp

                                  Filesize

                                  268KB

                                  Download

                                • memory/2032-27-0x000000000BA10000-0x000000000BAB3000-memory.dmp

                                  Filesize

                                  652KB

                                  Download

                                • memory/2032-28-0x0000000000400000-0x00000000004EF000-memory.dmp

                                  Filesize

                                  956KB

                                  Download

                                • memory/4612-0-0x0000000000400000-0x00000000004EF000-memory.dmp

                                  Filesize

                                  956KB

                                  Download

                                • memory/4612-6-0x0000000000400000-0x00000000004EF000-memory.dmp

                                  Filesize

                                  956KB

                                  Download