Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

f19331ecb9...15.exe

windows7-x64

8

f19331ecb9...15.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    86s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f19331ecb941b3db1435d161eddd4afefdb376c427ae7792bbb8d215b345e515.exe

  • Size

    77KB

  • MD5

    a2837f6c25718e57c4ed63c25980ecc0

  • SHA1

    2fa4715af45a6e20a496f2ce748ea5d4a6526094

  • SHA256

    f19331ecb941b3db1435d161eddd4afefdb376c427ae7792bbb8d215b345e515

  • SHA512

    73b4c3b4fd4ac7a67e937caaec1b1bc914a240403e3074996ef1b2cd17ce7675507614faea487ad45867b9bd77e893264838209469093a867cef16595a999625

  • SSDEEP

    768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoCCu8wO7YZK6Kcgu:TSSnze1gsJ55n/4CkOwwF+bhoq8wO0O

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f19331ecb941b3db1435d161eddd4afefdb376c427ae7792bbb8d215b345e515.exe
    "C:\Users\Admin\AppData\Local\Temp\f19331ecb941b3db1435d161eddd4afefdb376c427ae7792bbb8d215b345e515.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2028
  • C:\Windows\SysWOW64\Winkir.exe
    C:\Windows\SysWOW64\Winkir.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkir.exe
    Filesize

    82KB

    MD5

    298134033bc65d7e08a232ca2512b0f1

    SHA1

    626eee8199f9981290b98d473dba7d7ad1fd4f7a

    SHA256

    28c15d09741c49233e46bed6035f0542a2f4f9a94256b4242b8741c22f5341d7

    SHA512

    999d848645ad6892f234258e42eedc0a3b92ded122adb7b51da653918fc7a6f01e3b457b2c9b26be3f06eede522d6d15b62fcb3008b150777b90ff206bcfe24b

    Download Submit

  • C:\Windows\SysWOW64\Winkir.exe
    Filesize

    82KB

    MD5

    298134033bc65d7e08a232ca2512b0f1

    SHA1

    626eee8199f9981290b98d473dba7d7ad1fd4f7a

    SHA256

    28c15d09741c49233e46bed6035f0542a2f4f9a94256b4242b8741c22f5341d7

    SHA512

    999d848645ad6892f234258e42eedc0a3b92ded122adb7b51da653918fc7a6f01e3b457b2c9b26be3f06eede522d6d15b62fcb3008b150777b90ff206bcfe24b

    Download Submit