Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

e4aad8a608...f4.exe

windows7-x64

10

e4aad8a608...f4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    26/11/2022, 01:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe

  • Size

    533KB

  • MD5

    5b6035c854f23e80f9566d50b8916205

  • SHA1

    a29dc86977e7aa6a9270510f825c2127473539a5

  • SHA256

    e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4

  • SHA512

    f4acdd5d49e7cadaa902c5504032d0b6755029231cfe659fecc6e288633c4a0949509b3552793fc5522e3d9c5e773b8ea576c934fa7550b7a14ca7017daab0f5

  • SSDEEP

    12288:Sn5IPFcKI9r2g2vUQSDJsIO86NaAR3yJekjBe06:SKPNcwvUOI7HARyjjQF

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe
    "C:\Users\Admin\AppData\Local\Temp\e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Users\Admin\AppData\Local\Temp\e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe
      "C:\Users\Admin\AppData\Local\Temp\e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:268

Network

  • flag-unknown
    DNS
    allthetime.no-ip.org
    e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe
    Remote address:
    8.8.8.8:53
    Request
    allthetime.no-ip.org
    IN A
    Response
No results found
  • 8.8.8.8:53
    allthetime.no-ip.org
    dns
    e4aad8a60878a26038938ba820f099f4cc38e2b7899096f6192ec02ec7c5c9f4.exe
    66 B
     126 B
     1
    1

    DNS Request

    allthetime.no-ip.org

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/268-61-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-57-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-58-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-60-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-62-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-65-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-67-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/268-69-0x0000000074CB0000-0x000000007525B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/268-70-0x0000000074CB0000-0x000000007525B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/536-55-0x0000000074CB0000-0x000000007525B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/536-56-0x0000000074CB0000-0x000000007525B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/536-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.