Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

d81ee79253...34.exe

windows7-x64

7

d81ee79253...34.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2022, 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d81ee79253f1c91f0af45618ea8217ab1e89ee7fa678f5d60f050e1f32390734.exe

  • Size

    788KB

  • MD5

    730ba9b0c186b6ccb5406c9826c0b0e0

  • SHA1

    89c994298382266b76f8a86da80f1aa1d1dff4bc

  • SHA256

    d81ee79253f1c91f0af45618ea8217ab1e89ee7fa678f5d60f050e1f32390734

  • SHA512

    0bfcac7fece2d9af5bd0b432626a1832a9605c7d4e2b5329e18f1b08176cbc1a559ec95f788385b25dcf9c25a2f354cbbb5346261d8ae95b2cd304d01fb94286

  • SSDEEP

    12288:CSP2Vu2On5XQlE983JNsUDvlkd73hS3n8H5PGFAyG/Q7wv2Q:9/2On5XakphS305P4An/9V

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d81ee79253f1c91f0af45618ea8217ab1e89ee7fa678f5d60f050e1f32390734.exe
    "C:\Users\Admin\AppData\Local\Temp\d81ee79253f1c91f0af45618ea8217ab1e89ee7fa678f5d60f050e1f32390734.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dfsFF64.tmp
    Filesize

    537KB

    MD5

    ff7eef4dfcc3c54deb1bb962d39b5ad9

    SHA1

    7125758b5088e41160ae6d04a30ed20b842fdc7b

    SHA256

    65534417c3d94effdc940ee2cbcc57adb81b00f9584a4f3f4cc6f5d5f9ed18a9

    SHA512

    e0cfcd65d21dc8094782a09202ca26365d15c258992cc96045760a2393c979cc3db0236572efd3ae634fab48bb85557db12e07740687e8c69706d13d4682e142

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dfsFF64.tmp
    Filesize

    537KB

    MD5

    ff7eef4dfcc3c54deb1bb962d39b5ad9

    SHA1

    7125758b5088e41160ae6d04a30ed20b842fdc7b

    SHA256

    65534417c3d94effdc940ee2cbcc57adb81b00f9584a4f3f4cc6f5d5f9ed18a9

    SHA512

    e0cfcd65d21dc8094782a09202ca26365d15c258992cc96045760a2393c979cc3db0236572efd3ae634fab48bb85557db12e07740687e8c69706d13d4682e142

    Download Submit

  • memory/3012-134-0x0000000004D50000-0x0000000004DDC000-memory.dmp

    Filesize

    560KB

    Download

  • memory/3012-135-0x00000000056E0000-0x0000000005C84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3012-136-0x00000000051D0000-0x0000000005262000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3012-137-0x0000000005170000-0x000000000517A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-138-0x00000000093C0000-0x0000000009426000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3012-139-0x000000000E240000-0x000000000E9E6000-memory.dmp

    Filesize

    7.6MB

    Download