Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ab6fe618e0...7f.exe

windows7-x64

8

ab6fe618e0...7f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 09:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe

  • Size

    476KB

  • MD5

    89c4bf7297f085059f17b0ba1aa9c28d

  • SHA1

    f745c646fdf028af68934ed508ea59196690c6d6

  • SHA256

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

  • SHA512

    3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9

  • SSDEEP

    12288:st5AZ4CH2jUyobbWxLxKveZt/nNrV7LS8W:5Z4CWonixKverN9ZW

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe
    "C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe
      "C:\Users\Admin\AppData\Local\Temp\\izsilaivzltjlbd.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe
    Filesize

    24KB

    MD5

    bded699ccef883840badce58f804d7f8

    SHA1

    24af43a1d9718fe780b5d9ae6827217c0e642adf

    SHA256

    882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

    SHA512

    2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe
    Filesize

    24KB

    MD5

    bded699ccef883840badce58f804d7f8

    SHA1

    24af43a1d9718fe780b5d9ae6827217c0e642adf

    SHA256

    882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

    SHA512

    2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\parent.txt
    Filesize

    476KB

    MD5

    89c4bf7297f085059f17b0ba1aa9c28d

    SHA1

    f745c646fdf028af68934ed508ea59196690c6d6

    SHA256

    ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

    SHA512

    3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9

    Download Submit

  • memory/2168-135-0x00007FFAB5730000-0x00007FFAB6166000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/2168-137-0x000000000077A000-0x000000000077F000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2168-138-0x000000000077A000-0x000000000077F000-memory.dmp

    Filesize

    20KB

    Download