Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

dba19c6543...18.exe

windows7-x64

1

dba19c6543...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    29s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618.exe

  • Size

    132KB

  • MD5

    5552bcfe5af9a0a2a4be1fe5fdb4f760

  • SHA1

    4f19a150542c79b5b1df4bbc0d59119885ecf4fd

  • SHA256

    dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618

  • SHA512

    bd362405362021b7bbb12e9527e13ffb11ec2af46330268e85faf6b70245627fe8fc6a17ee479a4c25c195afe38bb0eb76d0ce69898c9c712fe7ba769f5783dc

  • SSDEEP

    3072:v4WToJpCKGsd86nMS8iPum/Sys3+AgpS9nk064u:v9T03KUjmFyAjo2/64u

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618.exe
    "C:\Users\Admin\AppData\Local\Temp\dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4336
    • C:\Users\Admin\AppData\Local\Temp\dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618.exe
      "C:\Users\Admin\AppData\Local\Temp\dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618.exe"71
      2⤵
        PID:308
        • C:\Users\Admin\xuame.exe
          "C:\Users\Admin\xuame.exe"
          3⤵
            PID:3220
            • C:\Users\Admin\xuame.exe
              "C:\Users\Admin\xuame.exe" 71
              4⤵
                PID:3260
            • C:\Windows\SysWOW64\PhotoScreensaver.scr
              "C:\Windows\System32\PhotoScreensaver.scr" /S
              3⤵
                PID:1556

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\xuame.exe
            Filesize

            132KB

            MD5

            5552bcfe5af9a0a2a4be1fe5fdb4f760

            SHA1

            4f19a150542c79b5b1df4bbc0d59119885ecf4fd

            SHA256

            dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618

            SHA512

            bd362405362021b7bbb12e9527e13ffb11ec2af46330268e85faf6b70245627fe8fc6a17ee479a4c25c195afe38bb0eb76d0ce69898c9c712fe7ba769f5783dc

            Download Submit

          • C:\Users\Admin\xuame.exe
            Filesize

            132KB

            MD5

            5552bcfe5af9a0a2a4be1fe5fdb4f760

            SHA1

            4f19a150542c79b5b1df4bbc0d59119885ecf4fd

            SHA256

            dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618

            SHA512

            bd362405362021b7bbb12e9527e13ffb11ec2af46330268e85faf6b70245627fe8fc6a17ee479a4c25c195afe38bb0eb76d0ce69898c9c712fe7ba769f5783dc

            Download Submit

          • C:\Users\Admin\xuame.exe
            Filesize

            132KB

            MD5

            5552bcfe5af9a0a2a4be1fe5fdb4f760

            SHA1

            4f19a150542c79b5b1df4bbc0d59119885ecf4fd

            SHA256

            dba19c6543ae2e55fdc60c7ee66044576daced193e89cf8e206991fcc3c7f618

            SHA512

            bd362405362021b7bbb12e9527e13ffb11ec2af46330268e85faf6b70245627fe8fc6a17ee479a4c25c195afe38bb0eb76d0ce69898c9c712fe7ba769f5783dc

            Download Submit

          • memory/308-135-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download

          • memory/308-137-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download

          • memory/308-140-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download

          • memory/308-141-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download

          • memory/3260-155-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download