Overview

overview

10

Static

static

3

Windows11D...er.ps1

windows7-x64

10

Windows11D...er.ps1

windows10-2004-x64

9

Windows11D...et.ps1

windows7-x64

3

Windows11D...et.ps1

windows10-2004-x64

3

Windows11D...er.ps1

windows7-x64

10

Windows11D...er.ps1

windows10-2004-x64

10

Windows11D...ns.ps1

windows7-x64

3

Windows11D...ns.ps1

windows10-2004-x64

3

Windows11D...er.exe

windows7-x64

1

Windows11D...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/03/2025, 18:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Windows11DebloaterV205/Windows11Debloater.exe

  • Size

    2.2MB

  • MD5

    f0dfa157e77657bdd637be327450e4d7

  • SHA1

    909c7b789ee52c06cd1978e18eeea82de476cea9

  • SHA256

    aab7fbb655987d0bc2317429124aaa2b3a099c8173db787e9631de9563c78be6

  • SHA512

    6b2b4b60d3488ffd57363ac2c3a3c226184557f98ae8ca32981ef03551c3c88874e0726fc2b65859411e72869e0bc422cbe81880d2068a5b93917a99ef60362d

  • SSDEEP

    49152:olM2TdJp+mtE/eQJO3Wdgtn9VgbtKWTLHqEXCm4eH:olM2pJ3+GQJOZtn9cKWTLKEXCm

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows11DebloaterV205\Windows11Debloater.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows11DebloaterV205\Windows11Debloater.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2436 -s 708
      2⤵
        PID:2772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2436-0-0x000007FEF5EE3000-0x000007FEF5EE4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2436-1-0x0000000000AB0000-0x0000000000CE0000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2436-2-0x000000001BCB0000-0x000000001BD98000-memory.dmp

      Filesize

      928KB

      Download

    • memory/2436-3-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2436-4-0x0000000000850000-0x000000000085A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2436-5-0x0000000000850000-0x000000000085A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2436-6-0x000007FEF5EE3000-0x000007FEF5EE4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2436-7-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2436-8-0x0000000000850000-0x000000000085A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2436-9-0x000007FEF5EE0000-0x000007FEF68CC000-memory.dmp

      Filesize

      9.9MB

      Download