Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

testlnk.exe

windows7-x64

7

testlnk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    4s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    testlnk.exe

  • Size

    2.4MB

  • MD5

    30757d645e25fb8ee4871ceface19772

  • SHA1

    e21abb5ecefd8f9c9ad5f30c27ef3de913b47ed2

  • SHA256

    53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41

  • SHA512

    226f96d3d36e70788a9b2019331fd29cbabfad994c31f3fda09d02304b246638caabf5623e66e870e3f9077f170286fa9cf4693f266be3a1dd17dc130f2378df

  • SSDEEP

    49152:lIgOhjpeuUTmDyXv2KT0MIrCHvn9MJ7Im7uAYHsJd0ChzzI7MVHvwWjNM:lIgOhjpeuUTmDKvG4viGm6qdU0HFNM

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\testlnk.exe
    "C:\Users\Admin\AppData\Local\Temp\testlnk.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:99848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/99848-63-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/99848-62-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/99848-56-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/99848-54-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/99848-64-0x0000000075201000-0x0000000075203000-memory.dmp

    Filesize

    8KB

    Download