Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

8d212058fd...48.exe

windows7-x64

8

8d212058fd...48.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d212058fd39c5ae749d6571d39478b82af5a9f02d31b09942789ce706162148.exe

  • Size

    91KB

  • MD5

    07ae6a258af5393c7ee39f08b0440968

  • SHA1

    955caec428f81c8b00878bba33184f2b3caaeb0b

  • SHA256

    8d212058fd39c5ae749d6571d39478b82af5a9f02d31b09942789ce706162148

  • SHA512

    e7095141429fc1f887fbb41edd4e99c51ece5e4ab29aa29a1ba2c7dea9c9649fcc9e8a2059d318beb80856d35859d6bd0d842c9ba17e6c29fdf8221546e3e8ce

  • SSDEEP

    1536:xLJsQn+bjaPBpHajDCo3xUOGmeoTJOYf7xMQDqIRkx2ix6Qqeo531jKQ:Zv66EX3eqOYf7GQO2i+3

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d212058fd39c5ae749d6571d39478b82af5a9f02d31b09942789ce706162148.exe
    "C:\Users\Admin\AppData\Local\Temp\8d212058fd39c5ae749d6571d39478b82af5a9f02d31b09942789ce706162148.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2024
  • C:\Windows\SysWOW64\kernl32.exe
    C:\Windows\SysWOW64\kernl32.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2016
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\kernl32.exe
    Filesize

    117KB

    MD5

    09b392a84390937689ba3e949cb95cb7

    SHA1

    79e88f93002389c72b8269dd0e11050443ac82e0

    SHA256

    c0f0223d91d7db58bb4eb52f64205188507305595b0f3d511665e9cdcf116238

    SHA512

    7e8a4a1e1583083458f3e786ca700571ede916a78f1a2cada53e284fab30654965155f0e199075278f08ad791fdb1905e73e7e4c31d3f7d878260af8b57e84e9

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    40KB

    MD5

    414ba9b889d34009d477477170ad15be

    SHA1

    1d480f48c3f9395c2fccfde24274026822375f2c

    SHA256

    56e6c28e25f23c681118da0c4b32d18a022cd790d429830b50923753867a93c4

    SHA512

    6bd27b9d578c085974f364579c68f02cb910281cbb13efdd59b366c453107e19f7da3274e15bc49d29f051d61254ef5f707d44442e756f5cd53588e96a94e252

    Download Submit