Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

69643a82b9...45.exe

windows7-x64

5

69643a82b9...45.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2022, 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe

  • Size

    16KB

  • MD5

    5b617cd8964401255c535fd10da0ee40

  • SHA1

    74dcbc88a91c55d5be958fc8a0e9e1a38a94c447

  • SHA256

    69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45

  • SHA512

    e15d6b856670014844d859a1bb5c55adf1daa009e8fa8067c4178ee2a8acb5f973699cc5acb146e4428c78d4fcb5c0764e689844535c27e99a3b011110790cff

  • SSDEEP

    192:J20NGKTcvITm++JD+7fZQHCZBAlVW52DKhctfdwFP1oynR7:frOwxB+VteTx1n

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe
    "C:\Users\Admin\AppData\Local\Temp\69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1352
  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
      PID:1112

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads