Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

92339d4c81...af.exe

windows7-x64

8

92339d4c81...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe

  • Size

    600KB

  • MD5

    693ac408458bff6719ad3800700e96c2

  • SHA1

    67c44891a7cc1f72ee06f43542988722c2748aaf

  • SHA256

    92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af

  • SHA512

    a8d34f9b77bd86a2f6695688d57493fb1d55bfe9b6df7f4090b739da89b0717f296bd31df8fed1e76657fa959ff9215094522394048d80ffe65c4e64d71bd962

  • SSDEEP

    12288:aqhP6pCcEFlPxG8odvoy7c2e7tN7ainFc6Ivj0k2e8RqpWYS3d0/Ddl338:auPTLsDINvawFc6IwXeaqpWYS3a/Zt38

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe
    "C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp" /SL5="$80062,362930,52224,C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5000
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c"taskkill /im iexplore.exe /f"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4892
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /im iexplore.exe /f
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
    Filesize

    699KB

    MD5

    3c01afb860055a9c132e202674c4f155

    SHA1

    e60b6721917b7ea4c2cb455ba1f4a4b5a2075482

    SHA256

    525f4dad705a0a916da9c91a8a5f3d6ec670ab9594c0fe90c599971431aa1818

    SHA512

    8dd3cd1a527f816bdc495c0c6af3b65b8bf2dae16da025f27794c3313bc86843a66012502606958d397ccc82138f3935d5fb72750640c2701d524cc935cf5d4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
    Filesize

    699KB

    MD5

    3c01afb860055a9c132e202674c4f155

    SHA1

    e60b6721917b7ea4c2cb455ba1f4a4b5a2075482

    SHA256

    525f4dad705a0a916da9c91a8a5f3d6ec670ab9594c0fe90c599971431aa1818

    SHA512

    8dd3cd1a527f816bdc495c0c6af3b65b8bf2dae16da025f27794c3313bc86843a66012502606958d397ccc82138f3935d5fb72750640c2701d524cc935cf5d4e

    Download Submit

  • memory/4836-132-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4836-137-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4836-140-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download