Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2aac8d6e70...0N.exe

windows7-x64

7

2aac8d6e70...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2aac8d6e707cada89d6ce7aef65d2170N.exe

  • Size

    668KB

  • MD5

    2aac8d6e707cada89d6ce7aef65d2170

  • SHA1

    0123631fe0642354659d448d53509b503b9c87c3

  • SHA256

    5e7610b4046b3c716fd91db949232cd7127ba3f03f27b2e175e6754acfd61d4b

  • SHA512

    053add31069f078c8f7f076a3ea660bc3bfd3d065946811fbaf3106885b1a022ff6948bd0f40a127b17039a5097df16008407ac9315b509651ba8890c33a339c

  • SSDEEP

    12288:JbZ1hLgoGURlJDHUVQ5zCN2j6FB5WMlL143VQ5zCSjdgEi0kXz:1hLg38lJDHUVQ5zg2mblLO3VQ5zxjdgx

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2aac8d6e707cada89d6ce7aef65d2170N.exe
    "C:\Users\Admin\AppData\Local\Temp\2aac8d6e707cada89d6ce7aef65d2170N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4108
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 400
      2⤵
      • Program crash
      PID:4000
    • C:\Users\Admin\AppData\Local\Temp\2aac8d6e707cada89d6ce7aef65d2170N.exe
      C:\Users\Admin\AppData\Local\Temp\2aac8d6e707cada89d6ce7aef65d2170N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 364
        3⤵
        • Program crash
        PID:912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4108 -ip 4108
    1⤵
      PID:3844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 736 -ip 736
      1⤵
        PID:3964

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2aac8d6e707cada89d6ce7aef65d2170N.exe
        Filesize

        668KB

        MD5

        bc1ff35c85f7e3ddecd95a6e5d4d1aaa

        SHA1

        b17555023abc65ae452a9a787dabaa36e2026686

        SHA256

        bc9ad73bd4ce103e8007cd46af09e1f4c2fe69b63384ccfca4210059a75afb24

        SHA512

        dc1307a0951fd69752b78d9773d78210d5d5e49b746dd7ae68488fe4d48ef3357a33a138c76cf6c5f3fd760478d6aedb20af9b2c986fb55d2989e1889b080af8

        Download Submit

      • memory/736-7-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/736-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/736-13-0x0000000001680000-0x00000000016C1000-memory.dmp

        Filesize

        260KB

        Download

      • memory/736-14-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/4108-0-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/4108-6-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download