Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

cccfa1c9e1...0N.exe

windows7-x64

3

cccfa1c9e1...0N.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/09/2024, 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cccfa1c9e1307012ea5d51c8efa44b80N.exe

  • Size

    803KB

  • MD5

    cccfa1c9e1307012ea5d51c8efa44b80

  • SHA1

    43d751c3b906c076438541b04dfc9a07493b30f4

  • SHA256

    ab4715573b7ae90b47166b24f7b9b6c7cceeccabb732d55d7618e5b112a6c515

  • SHA512

    241cffe6a2f157cbf1be94905bc0a71c095db8038f1bafd0525a9f479e7778d58b462f5b782e7fbf3f424b3f65f979e392aebe24b01140adc0eace82000d2a2c

  • SSDEEP

    12288:M8SkHDCDTGJeutF1pcVqqLVjO8TQ5KfAIasG+o0eY7YGAZ5l:ZkVmOV3O80m/asDodmY9

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cccfa1c9e1307012ea5d51c8efa44b80N.exe
    "C:\Users\Admin\AppData\Local\Temp\cccfa1c9e1307012ea5d51c8efa44b80N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 148
      2⤵
      • Program crash
      PID:1332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads