Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    40s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/09/2022, 10:36

General

  • Target

    SecuriteInfo.com.Variant.Lazy.243500.8429.32613.exe

  • Size

    171KB

  • MD5

    49d5d24cbb05b73ff7b6b5202562bea6

  • SHA1

    9fc158a090dc9d12d9281baac20d4aec2e223c16

  • SHA256

    f6743599ef8f0c90e862c9f7ef8fc0718f7faf6315797e06c43ed4b14686be23

  • SHA512

    f44d5cb085c375b6027fd2fd40d7e1f1ed27082c47007e2750fe0174c1295ed52a0edbc8929fea4739f858ca7f352947f14a6522514b34ba127fc3393a26ab8b

  • SSDEEP

    3072:kxr/raVa3+8U1wNSuI1CzT1f/yMvAOhaKKDGI5BvlAgqod/Nk/YPR2yfkHm:kxSVlwI1WycAOhaKiGaZlAgqE/Nk/YPv

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Lazy.243500.8429.32613.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Lazy.243500.8429.32613.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
      2⤵
      PID:112
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
      2⤵
      PID:764
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
      2⤵
      PID:760
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
      2⤵
      PID:1744
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
      2⤵
      PID:1940

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1504-54-0x0000000001340000-0x0000000001370000-memory.dmp
    Filesize
    192KB

  • memory/1504-55-0x0000000000260000-0x000000000026C000-memory.dmp
    Filesize
    48KB

  • memory/1504-56-0x0000000000270000-0x0000000000278000-memory.dmp
    Filesize
    32KB
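The process tree above shows the submitted executable (PID 1504), flagged for WriteProcessMemory, launching cvtres.exe from the .NET Framework directory five times in a row. cvtres.exe is a resource-to-COFF converter that is normally started by compiler drivers, so a parent outside that toolchain is a useful hunting condition. The following is an added example, not Triage's own code: it runs that check over constructed process-creation records that mirror this report's tree (the JSON field names are ours, not a real Sysmon export, and the root's parent is not on the page, so it is left empty), and it also parses the memory dump names in the Downloads list to confirm that the address ranges match the listed sizes. The allowlist of legitimate cvtres.exe parents is an assumption.

```python
import json
import ntpath
import re

SAMPLE_PID = 1504
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\SecuriteInfo.com.Variant.Lazy.243500.8429.32613.exe")
CVTRES = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

# Constructed process-creation records (one JSON object per line) mirroring
# the report's tree; this is not a real log and the field names are our own.
EVENT_LOG = "\n".join(json.dumps(e) for e in [
    {"pid": SAMPLE_PID, "image": SAMPLE_IMAGE, "ppid": 0, "parent_image": ""},
    *({"pid": pid, "image": CVTRES, "ppid": SAMPLE_PID, "parent_image": SAMPLE_IMAGE}
      for pid in (112, 764, 760, 1744, 1940)),
])

# Assumption: these compiler/linker drivers are the parents cvtres.exe is
# expected to have. Anything else launching it is flagged.
DEFAULT_ALLOWED_PARENTS = frozenset(
    {"csc.exe", "vbc.exe", "link.exe", "msbuild.exe", "cl.exe"})


def parse_events(log_text):
    """One dict per non-empty line of the constructed JSON-lines log."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def flag_cvtres_launches(log_text, allowed_parents=DEFAULT_ALLOWED_PARENTS):
    """Return every cvtres.exe launch whose parent is not an allowed driver."""
    hits = []
    for ev in parse_events(log_text):
        if ntpath.basename(ev["image"]).lower() != "cvtres.exe":
            continue
        parent = ntpath.basename(ev["parent_image"]).lower()
        if parent not in allowed_parents:
            hits.append({"pid": ev["pid"], "ppid": ev["ppid"],
                         "parent_image": ev["parent_image"]})
    return hits


def repeated_launch_parents(hits, threshold=3):
    """Parents that spawned cvtres.exe at least `threshold` times (5 here)."""
    counts = {}
    for h in hits:
        counts[h["ppid"]] = counts.get(h["ppid"], 0) + 1
    return {ppid: n for ppid, n in counts.items() if n >= threshold}


# Dump names in the report: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")

DUMPS = [  # (name, size as listed on the page)
    ("memory/1504-54-0x0000000001340000-0x0000000001370000-memory.dmp", "192KB"),
    ("memory/1504-55-0x0000000000260000-0x000000000026C000-memory.dmp", "48KB"),
    ("memory/1504-56-0x0000000000270000-0x0000000000278000-memory.dmp", "32KB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, range and byte size."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError("unrecognised dump name: %s" % name)
    pid, seq, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return {"pid": int(pid), "seq": int(seq), "start": start, "end": end,
            "size": end - start}


def dump_size_mismatches(dumps):
    """Names whose address range does not equal the listed KB size."""
    bad = []
    for name, listed in dumps:
        if not listed.endswith("KB"):
            raise ValueError("expected a KB size: %s" % listed)
        expected = int(listed[:-2]) * 1024
        if parse_dump_name(name)["size"] != expected:
            bad.append(name)
    return bad


if __name__ == "__main__":
    hits = flag_cvtres_launches(EVENT_LOG)
    for h in hits:
        print("cvtres.exe pid %d launched by pid %d (%s)"
              % (h["pid"], h["ppid"], ntpath.basename(h["parent_image"])))
    print("repeat launchers:", repeated_launch_parents(hits))
    print("dump size mismatches:", dump_size_mismatches(DUMPS))
```

Against the constructed records all five cvtres.exe launches are flagged with PID 1504 as the repeat launcher, and none of the three dump ranges disagrees with its listed size (0x30000, 0xC000 and 0x8000 bytes are exactly 192KB, 48KB and 32KB). On a real Sysmon feed the same logic applies to Event ID 1 with Image and ParentImage in place of the fields used here.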