Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2024, 15:41

General

  • Target

    Terraria.exe

  • Size

    678KB

  • MD5

    fcb443f5bfa48c387991736e6b2b5803

  • SHA1

    8195908b47c087d4b1c5abc198632ed26a890d23

  • SHA256

    d9325fb197488e9c06adf56c45007cce94f403e5e0f444229119b948cd361d78

  • SHA512

    c883116976c01c9d1ec583f3f6748522833dc199307b6e2812ded179861193b905177f82cdff7cb7f741ac4a4976f35020a0b1a54959a7c310c003b63986b889

  • SSDEEP

    12288:ldqhhwtMmi8PHsyA50a52usAccoJe44QAVm:ldqzCMmZHsyeQA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Terraria.exe
    "C:\Users\Admin\AppData\Local\Temp\Terraria.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 536
      2⤵
      • Program crash
      PID:1872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1800-0-0x000000007426E000-0x000000007426F000-memory.dmp

    Filesize

    4KB

  • memory/1800-1-0x0000000001370000-0x0000000001420000-memory.dmp

    Filesize

    704KB