Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

195cd3ff86...63.exe

windows7-x64

7

195cd3ff86...63.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe

  • Size

    680KB

  • MD5

    293e93dc7cd681edd2e7807c7a3f2aec

  • SHA1

    f11280c14e439d236b0b4fb2ddfc03d3cb49aff4

  • SHA256

    195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63

  • SHA512

    5b4806e414ba8717a08fb0efc47526fbe6b4165a93edd7cc5fa480463f6b1ac654165bf35707f48d2be49ecf30811d06e3e0c7eb97a8d08c3a9d7d2d572aa6dc

  • SSDEEP

    12288:5tuuuuuuK0Jnn/b5TgIQHUbHdZPxa7JsymDm3rDG+Ll8/g:5XJneIFfob3rDGIl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe
    "C:\Users\Admin\AppData\Local\Temp\195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4984
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x324 0x484
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\bassmod.dll
    Filesize

    36KB

    MD5

    df8dc26a027784a75dde0d64b46ac5ab

    SHA1

    eb925aa1a84321fc2e805ecc347e350b64db0a71

    SHA256

    82309fbfde20354cbd0159ae00d89b3c4bcfbe4324166d5210b815aa0ba77ca9

    SHA512

    218933716d04f9ca7abaab9895fbc3acdb3dd232d1717da7ac5e6b232e18bbe5a65a41c2e1129b04d260dbb2f9dc101420aadbf12cbadfd1bf2ead2773f4e482

    Download Submit

  • memory/4984-132-0x00000000747E0000-0x0000000074D91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4984-134-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4984-135-0x00000000747E0000-0x0000000074D91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4984-136-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download