Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

22ef0ec130...00.exe

windows7-x64

3

22ef0ec130...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16/12/2024, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22ef0ec1302427d5b197b30e545d0400.exe

  • Size

    16.4MB

  • MD5

    22ef0ec1302427d5b197b30e545d0400

  • SHA1

    bc6b6278e436c56311bacc5e4476e5d4bab00692

  • SHA256

    4ae196c51c70c762f9cbf250af00414f93e8ccea2337a7595d5307a474858812

  • SHA512

    27e97250d50f8b31fcb5552826655bed92cc3a5f8334710fbb905b5a3f21dfc8e6c7e3202fa3982a21544247711fbc1f361224bb42fad28c91cf362df502c6d0

  • SSDEEP

    393216:vMFPfYHcbXui8nRMeW3PBNEbdAgKvd5txx:vLLn5AgKvxX

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22ef0ec1302427d5b197b30e545d0400.exe
    "C:\Users\Admin\AppData\Local\Temp\22ef0ec1302427d5b197b30e545d0400.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 208
      2⤵
      • Program crash
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2b1fa25d
    Filesize

    1.4MB

    MD5

    4e240d276ef1a54d1b667d1f9eb88e21

    SHA1

    1e5b274fc533f472800c9277cba0790d93cda629

    SHA256

    fa8f7069956f8077648e58f45c29acb1bd6ab3dc8717329a58fd27d61e4c8972

    SHA512

    e91666bbd38c38b56269d95029aad986aee88172f65f7a41c24a6d11dc1ffc776cce84a51efbd52b61428f6bf1183e9ee9a09671c8cc499eb15cac2ec3ce0932

    Download Submit

  • memory/2124-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-1-0x0000000000400000-0x00000000012D7000-memory.dmp

    Filesize

    14.8MB

    Download

  • memory/2124-7-0x0000000076260000-0x0000000076EAA000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2124-8-0x00000000775C0000-0x0000000077769000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2124-10-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-9-0x0000000000400000-0x00000000012D7000-memory.dmp

    Filesize

    14.8MB

    Download