Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

sample.exe

windows7_x64

10

sample.exe

windows10_x64

10

Analysis

  • max time kernel
    19s
  • max time network
    119s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    09/06/2021, 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    41KB

  • MD5

    b580c140a245f68291f7d4159272beeb

  • SHA1

    96d61bb4105f2a331bb3d7b733d77666286e8954

  • SHA256

    291dd93ff5ffd7c8c108767855b77b3a1fbae2755cc650b884f42e1903884041

  • SHA512

    5241380c3613e11de37c2125de09b80933b4bd2e8a1def667fd035bea3f0a7c5e5d7707d940fea8d7e4aab1030fac0c03318e84717ba2feccfad7f01b0b1e676

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.cock.li
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    jesuscrypt

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:624
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 1724
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 1740
      2⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/624-114-0x0000000000C90000-0x0000000000C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/624-116-0x0000000005B70000-0x0000000005B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/624-117-0x0000000005530000-0x0000000005531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/624-118-0x0000000005670000-0x0000000005B6E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/624-119-0x0000000005770000-0x0000000005771000-memory.dmp

    Filesize

    4KB

    Download