Analysis

  • max time kernel
    139s
  • max time network
    54s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    15/07/2020, 11:42

General

  • Target

    SecuriteInfo.com.Trojan.KillProc2.11135.7335.9870.exe

  • Size

    453KB

  • MD5

    bb8ca4f4b7b59f40eebcdff528b8c822

  • SHA1

    5a06b0086de1e5976d9381011075ca68020b2c40

  • SHA256

    71977c1c4e1dd50aa73bb75cf7d9319acf0c30c50368b0d12d7066fee48fbf65

  • SHA512

    e7f59fcc828432ee24b9edde641d219faad15ac4d40ce07a10675f781ad39f179de53e1fae83daed88fd9fa96615eb6840d37197989965f8fef975f28d0517f7

Score
5/10

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.KillProc2.11135.7335.9870.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.KillProc2.11135.7335.9870.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • Suspicious behavior: MapViewOfSection
    PID:3656
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:1352

Downloads

  • memory/1352-0-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB