Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    22/02/2022, 02:19

General

  • Target

    f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe

  • Size

    2.9MB

  • MD5

    0646491738c76fd6a9eefaed43eabf43

  • SHA1

    026720fca026d971b16d1990146ef6462e8c1664

  • SHA256

    f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e

  • SHA512

    516b251f45861d01ae54c046fb49c09d1c3667eaf827d3f3e202cb6414b3a0b5899edd8f42c79ce4786e037f59af71e38af1b81abe033f6b4a6dc00b7315ea9b

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe
    "C:\Users\Admin\AppData\Local\Temp\f2b3f1ed693021b20f456a058b86b08abfc4876c7a3ae18aea6e95567fd55b2e.exe"
    1⤵
      PID:2556
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1180

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1180-130-0x0000017EC8220000-0x0000017EC8230000-memory.dmp

      Filesize

      64KB

    • memory/1180-131-0x0000017EC8280000-0x0000017EC8290000-memory.dmp

      Filesize

      64KB

    • memory/1180-132-0x0000017ECA940000-0x0000017ECA944000-memory.dmp

      Filesize

      16KB