Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

90a5c1c5dc...84.exe

windows7_x64

10

90a5c1c5dc...84.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28/05/2022, 02:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84.exe

  • Size

    225KB

  • MD5

    c116cd083284cc599c024c3479ca9b70

  • SHA1

    bf831962162a0446454e3e32d764cc0e5daafde0

  • SHA256

    90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84

  • SHA512

    d89ac7d971e46ee67f6857a71d3712205d28170320386a83d9cdbda97d270626cf2a0e91e0b866d368c65eb3e47766c20c07a2baeb51feb3fe7b8d98d848e560

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX Payload 6 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84.exe
    "C:\Users\Admin\AppData\Local\Temp\90a5c1c5dc2278063478fbc8f2ac072ccf0489d7b3f81a6ed35b7d712b4b7b84.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Users\Admin\AppData\Local\Temp\Gadget.exe
      C:\Users\Admin\AppData\Local\Temp\\Gadget.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:5004
  • C:\ProgramData\WS\Gadget.exe
    C:\ProgramData\WS\Gadget.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe 201 0
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 1288
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:4328

Network

  • 93.184.220.29:80
    322 B
     7
  • 20.189.173.3:443
    322 B
     7
  • 8.247.210.254:80
    322 B
     7
  • 8.247.210.254:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 8.238.110.126:80
    322 B
     7
  • 10.127.255.255:53
    dns
    svchost.exe
    2.2kB
     15
  • 255.255.255.255:53
    fast.bacguarp.com
    dns
    svchost.exe
    315 B
     5

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

  • 8.8.8.8:53
    fast.bacguarp.com
    dns
    svchost.exe
    63 B
     121 B
     1
    1

    DNS Request

    fast.bacguarp.com

  • 8.8.8.8:53
    fast.bacguarp.com
    dns
    svchost.exe
    63 B
     121 B
     1
    1

    DNS Request

    fast.bacguarp.com

  • 255.255.255.255:53
    fast2.bacguarp.com
    dns
    svchost.exe
    320 B
     5

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 255.255.255.255:53
    fast.bacguarp.com
    dns
    svchost.exe
    315 B
     5

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

  • 8.8.8.8:53
    fast.bacguarp.com
    dns
    svchost.exe
    63 B
     121 B
     1
    1

    DNS Request

    fast.bacguarp.com

  • 255.255.255.255:53
    fast2.bacguarp.com
    dns
    svchost.exe
    320 B
     5

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 255.255.255.255:53
    fast.bacguarp.com
    dns
    svchost.exe
    315 B
     5

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

  • 8.8.8.8:53
    fast.bacguarp.com
    dns
    svchost.exe
    63 B
     121 B
     1
    1

    DNS Request

    fast.bacguarp.com

  • 8.8.8.8:53
    fast.bacguarp.com
    dns
    svchost.exe
    63 B
     121 B
     1
    1

    DNS Request

    fast.bacguarp.com

  • 255.255.255.255:53
    fast2.bacguarp.com
    dns
    svchost.exe
    320 B
     5

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 8.8.8.8:53
    fast2.bacguarp.com
    dns
    svchost.exe
    64 B
     122 B
     1
    1

    DNS Request

    fast2.bacguarp.com

  • 255.255.255.255:53
    fast.bacguarp.com
    dns
    svchost.exe
    315 B
     5

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

    DNS Request

    fast.bacguarp.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\WS\Gadget.exe
    Filesize

    25KB

    MD5

    6b97b3cd2fcfb4b74985143230441463

    SHA1

    8985c2394ed9a58c36f907962b0724fe66c204a6

    SHA256

    5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9

    SHA512

    736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715

    Download Submit

  • C:\ProgramData\WS\Gadget.exe
    Filesize

    25KB

    MD5

    6b97b3cd2fcfb4b74985143230441463

    SHA1

    8985c2394ed9a58c36f907962b0724fe66c204a6

    SHA256

    5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9

    SHA512

    736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715

    Download Submit

  • C:\ProgramData\WS\SideBar.dll
    Filesize

    41KB

    MD5

    901fa02ffd43de5b2d7c8c6b8c2f6a43

    SHA1

    8bb71adf1c418061510c40240852c3cd61fb214c

    SHA256

    3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

    SHA512

    6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

    Download Submit

  • C:\ProgramData\WS\SideBar.dll
    Filesize

    41KB

    MD5

    901fa02ffd43de5b2d7c8c6b8c2f6a43

    SHA1

    8bb71adf1c418061510c40240852c3cd61fb214c

    SHA256

    3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

    SHA512

    6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

    Download Submit

  • C:\ProgramData\WS\SideBar.dll.doc
    Filesize

    121KB

    MD5

    97c11e7d6b1926cd4be13804b36239ac

    SHA1

    b388b86a782ae14fee2a31bc7626a816c3eabc5a

    SHA256

    a13161d957ef1bf6362cbc488a82ffca8f6f52f48143f1110616b9c540e5997a

    SHA512

    8ee3c39651b8d5790750436d04178e0d124c6573f1f773265349683635047a8f1adc34195f1a58001e96c57da3d3504a86026d3165a832117f10e9ebb233a121

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Gadget.exe
    Filesize

    25KB

    MD5

    6b97b3cd2fcfb4b74985143230441463

    SHA1

    8985c2394ed9a58c36f907962b0724fe66c204a6

    SHA256

    5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9

    SHA512

    736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Gadget.exe
    Filesize

    25KB

    MD5

    6b97b3cd2fcfb4b74985143230441463

    SHA1

    8985c2394ed9a58c36f907962b0724fe66c204a6

    SHA256

    5c859ca16583d660449fb044677c128a9cdedd603d9598d4670235c52e359bf9

    SHA512

    736631b2ca37426c3915f496d5c3abdac23ffa91bd90fd8b215be2ad8735403ff9d58d1effe6791fa34a72141a5218f19808c0c4ece4100a525adbdeea4c1715

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SideBar.dll
    Filesize

    41KB

    MD5

    901fa02ffd43de5b2d7c8c6b8c2f6a43

    SHA1

    8bb71adf1c418061510c40240852c3cd61fb214c

    SHA256

    3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

    SHA512

    6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SideBar.dll.doc
    Filesize

    121KB

    MD5

    97c11e7d6b1926cd4be13804b36239ac

    SHA1

    b388b86a782ae14fee2a31bc7626a816c3eabc5a

    SHA256

    a13161d957ef1bf6362cbc488a82ffca8f6f52f48143f1110616b9c540e5997a

    SHA512

    8ee3c39651b8d5790750436d04178e0d124c6573f1f773265349683635047a8f1adc34195f1a58001e96c57da3d3504a86026d3165a832117f10e9ebb233a121

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Sidebar.dll
    Filesize

    41KB

    MD5

    901fa02ffd43de5b2d7c8c6b8c2f6a43

    SHA1

    8bb71adf1c418061510c40240852c3cd61fb214c

    SHA256

    3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

    SHA512

    6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

    Download Submit

  • memory/1288-145-0x0000000001820000-0x0000000001850000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1288-148-0x0000000001820000-0x0000000001850000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4328-147-0x0000000002B40000-0x0000000002B70000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4328-149-0x0000000002B40000-0x0000000002B70000-memory.dmp

    Filesize

    192KB

    Download

  • memory/5004-141-0x0000000000580000-0x00000000005B0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/5004-140-0x00000000007D0000-0x00000000008D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5032-144-0x00000000007A0000-0x00000000007D0000-memory.dmp

    Filesize

    192KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.