Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
6s -
max time network
11s -
platform
windows7_x64 -
resource
win7 -
submitted
28/08/2020, 17:46
Static task
static1
Behavioral task
behavioral1
Sample
4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
-
Size
12.6MB
-
MD5
d427390e9fad598ec3288c9275c84628
-
SHA1
7b88e1eaa07151fc0d7639574fc7f40fa5be8aa3
-
SHA256
4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6
-
SHA512
83ecc48386999ec6d05999d88e9a81eae5267ea807441727cd60d44f17ead8a0ca6e8a0ffa7d5e4e9fc800d858fb2ee824815abe4299e0ec85639384b75324a8
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 32 IoCs
pid Process 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe -
JavaScript code in executable 5 IoCs
resource yara_rule behavioral1/files/0x000300000001324e-1.dat js behavioral1/files/0x000300000001324e-2.dat js behavioral1/files/0x0003000000013255-5.dat js behavioral1/files/0x000300000001324b-20.dat js behavioral1/files/0x000300000001324b-21.dat js -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: 35 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1684 wrote to memory of 1940 1684 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 26 PID 1684 wrote to memory of 1940 1684 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 26 PID 1684 wrote to memory of 1940 1684 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1940
-