Analysis

  • max time kernel
    62s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    09/07/2020, 09:05

General

  • Target

    SecuriteInfo.com.Variant.Ulise.113173.17340.2043.exe

  • Size

    732KB

  • MD5

    fbb0d5ea5feeff5e7fc94e49f821b772

  • SHA1

    cac6683724c6da001abc5fd9c4a5ba897af8d77c

  • SHA256

    148bbf342d7554ca7382d5053e9558a6ef7afaa86c4f2a2bb29ac6ad826f3fb4

  • SHA512

    8148f9a5ebb0a2eaecaf7412e4bc14a65ef9f83f2ddf4acac56116b6c4c86795f094b574ff95741eed469354de597e99770627d51f244837ea3717cc2f99a9ea

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Ulise.113173.17340.2043.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Ulise.113173.17340.2043.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 36
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:1196

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1196-1-0x0000000001F70000-0x0000000001F81000-memory.dmp

    Filesize

    68KB

  • memory/1196-2-0x0000000002640000-0x0000000002651000-memory.dmp

    Filesize

    68KB