Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

22ef0ec130...00.exe

windows7-x64

3

22ef0ec130...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16/12/2024, 14:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22ef0ec1302427d5b197b30e545d0400.exe

  • Size

    16.4MB

  • MD5

    22ef0ec1302427d5b197b30e545d0400

  • SHA1

    bc6b6278e436c56311bacc5e4476e5d4bab00692

  • SHA256

    4ae196c51c70c762f9cbf250af00414f93e8ccea2337a7595d5307a474858812

  • SHA512

    27e97250d50f8b31fcb5552826655bed92cc3a5f8334710fbb905b5a3f21dfc8e6c7e3202fa3982a21544247711fbc1f361224bb42fad28c91cf362df502c6d0

  • SSDEEP

    393216:vMFPfYHcbXui8nRMeW3PBNEbdAgKvd5txx:vLLn5AgKvxX

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22ef0ec1302427d5b197b30e545d0400.exe
    "C:\Users\Admin\AppData\Local\Temp\22ef0ec1302427d5b197b30e545d0400.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 208
      2⤵
      • Program crash
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2b1fa25d
    Filesize

    1.4MB

    MD5

    4e240d276ef1a54d1b667d1f9eb88e21

    SHA1

    1e5b274fc533f472800c9277cba0790d93cda629

    SHA256

    fa8f7069956f8077648e58f45c29acb1bd6ab3dc8717329a58fd27d61e4c8972

    SHA512

    e91666bbd38c38b56269d95029aad986aee88172f65f7a41c24a6d11dc1ffc776cce84a51efbd52b61428f6bf1183e9ee9a09671c8cc499eb15cac2ec3ce0932

    Download Submit

  • memory/2124-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-1-0x0000000000400000-0x00000000012D7000-memory.dmp

    Filesize

    14.8MB

    Download

  • memory/2124-7-0x0000000076260000-0x0000000076EAA000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2124-8-0x00000000775C0000-0x0000000077769000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2124-10-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-9-0x0000000000400000-0x00000000012D7000-memory.dmp

    Filesize

    14.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.