Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c66fab8369...0N.exe

windows7-x64

7

c66fab8369...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    13s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c66fab8369cc0d8bf37645d198aa3aa0N.exe

  • Size

    3.6MB

  • MD5

    c66fab8369cc0d8bf37645d198aa3aa0

  • SHA1

    bcec2481eb1300eb74fcd259ed793d65ead189d1

  • SHA256

    601490f2ce7df4947f203f54ef2eae41594283db6ba423659e535d1c4dc51017

  • SHA512

    648c4aff78acbbec91d1387eb8bc99cfe46a35161871212f4b18cdc6f1e8bb2ea6af55bdc888ddd8d79b9e825986c1a815606eaac3c42a251f0e0db7835513a2

  • SSDEEP

    49152:vg+JfU2JByXienplE06QknMwGUTVm8jfeOCsLFVprJUcVfRTBxG:v9Q0n8i8dtYPprrR

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c66fab8369cc0d8bf37645d198aa3aa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\c66fab8369cc0d8bf37645d198aa3aa0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 872
      2⤵
      • Program crash
      PID:1256

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\{408ac47a-57d5-43ee-9952-ace5c74bf9f4}\System.Data.SQLite.dll
    Filesize

    718KB

    MD5

    ecb03d44a01ce72350c80b7e38693ca8

    SHA1

    5516d01213556d02ee7b143b0caffb71b66b1d87

    SHA256

    eb193171d1574447d32b1150da40e186f8e34d0f1c75a32a90459d5596ac74b2

    SHA512

    e2f1c8864b0cb1827a04047aae8399dc0bebf91d51ccd67b03898e1e81072bee3341a064596947964522417fc56a2763c4c296ad3bd970a6b6b279abda03e030

    Download Submit

  • memory/2472-6-0x0000000005390000-0x0000000005447000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2472-2-0x0000000000B60000-0x0000000000BE4000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2472-3-0x0000000000CE0000-0x0000000000D18000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2472-4-0x0000000073D30000-0x000000007441E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2472-5-0x0000000004FE0000-0x0000000005114000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2472-0-0x0000000073D3E000-0x0000000073D3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-1-0x0000000001290000-0x000000000162A000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2472-12-0x0000000005450000-0x0000000005507000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2472-26-0x0000000073D30000-0x000000007441E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2472-27-0x0000000000D40000-0x0000000000D4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2472-28-0x0000000073D3E000-0x0000000073D3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-29-0x0000000073D30000-0x000000007441E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2472-30-0x0000000000D40000-0x0000000000D4A000-memory.dmp

    Filesize

    40KB

    Download