Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

0d142a50bc...ef.exe

windows7-x64

8

0d142a50bc...ef.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    21s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe

  • Size

    93KB

  • MD5

    0b822a0b7ef23d17503ff3dec3abf6c1

  • SHA1

    973eac469ed942a7919dc89727ae6506b90dd9a0

  • SHA256

    0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef

  • SHA512

    9cb97d0099c6f93ca89a712b45b852f4b47232aa6b5943382b7695c2f745455de880c5b5d66b50be101f332e50d3df4248aae152df597f9c9a1263ced9b4ff11

  • SSDEEP

    1536:1WGxs9kGdYk8wO4Cnt8RUyhoHGjOm1QC9cTu:UGfGdYSCnNyhodTu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe
    "C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1724
  • C:\Windows\SysWOW64\Winkmu.exe
    C:\Windows\SysWOW64\Winkmu.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkmu.exe
    Filesize

    92KB

    MD5

    b37bd98e4a035fd213556ec20f15927e

    SHA1

    a6b20ba63325761d1600f4e3ece1fed96c4a13a7

    SHA256

    6553708a712c24ba10115d4b32faded40b1a9230ab78cf91afcf63d248d87d6d

    SHA512

    dc0f5954692fd9f0b3b410a6cc668912c4fc871e5c7bd57711454a48f9be96dd99d423430da5226f3df511d227f72d1b172a4077c206b78b962d1cd948fa7ef8

    Download Submit

  • C:\Windows\SysWOW64\Winkmu.exe
    Filesize

    88KB

    MD5

    22dbaea5329bdec8aa0ec953aa32093b

    SHA1

    4946dc1da7b1ffe92d2fd46c8ad0d7129d097de6

    SHA256

    de1a15134fff8baaf516d65501ef3aa231049051865239ad1eb08b7a73954370

    SHA512

    0b834b670e83ceb0d9ad5bea202fa45682ae16c4679c33b45ded47d42936a918eb54607685df25d043056bb94ec22c80028c7445bfea969f853664feadce1624

    Download Submit