Analysis

  • max time kernel
    149s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    07/07/2020, 09:18 UTC

General

  • Target

    Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe

  • Size

    667KB

  • MD5

    d3369a2c24a7af7468ed5ae72bf66b96

  • SHA1

    3001c674481ee2780bc52ba30621e45646759745

  • SHA256

    bc5f360a2a8da9462d0509aab3b46b3fda11bc6b94a3bda8e5aa7be625aa08a9

  • SHA512

    8b709a04c72c0fa507695bf086e00530e67d12f6cf90311e56494d93a1f4f8eca1c307f72dd1384256f327ce3dfc4bfcf4e4968ad77a7396006f0df92e1a7594

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
    "C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:892
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LxPToXCo" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7B95.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1808
    • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
      "{path}"
      2⤵
      PID:1792
    • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
      "{path}"
      2⤵
      PID:1836
    • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
      "{path}"
      2⤵
      PID:1780
    • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
      "{path}"
      2⤵
      PID:1816
    • C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
      "{path}"
      2⤵
      PID:1768

Network

  No results found
  No results found
  • 239.255.255.250:1900
    966 B
    6
  • 239.255.255.250:1900
  • 10.7.0.255:138
    netbios-dgm
    229 B
    1

MITRE ATT&CK Enterprise v6
