Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    134s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/11/2022, 19:13

General

  • Target

    12d0b3603ce81c1f27f0a07bf84c2df7e9218c74a543bf196758523babe09ee7.exe

  • Size

    555KB

  • MD5

    6d68f07977eca88d827e0b9484c848f0

  • SHA1

    8195c1ee1114a4867c53b7ea255890fa7a3eacac

  • SHA256

    12d0b3603ce81c1f27f0a07bf84c2df7e9218c74a543bf196758523babe09ee7

  • SHA512

    99f62cb0d6468c823568534c663acbcf49b195d7b4b1df85e252a3930cc70757b252a7b507b16ee7cfe60af6bf572a6d726006958b097205bcab96059e2f3624

  • SSDEEP

    6144:daIpkJ0+Lf1CoKQvwlX5cF5MSEdOOmR9eY865azUuSchCe8bfAPEDFV4klFuPGcy:daImJ714h52MSEdOVO6Mb1Li/FV8u/

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12d0b3603ce81c1f27f0a07bf84c2df7e9218c74a543bf196758523babe09ee7.exe
    "C:\Users\Admin\AppData\Local\Temp\12d0b3603ce81c1f27f0a07bf84c2df7e9218c74a543bf196758523babe09ee7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\msbuild.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\msbuild.exe
      2⤵
      • Adds Run key to start application
      • Drops desktop.ini file(s)
      • Drops file in Windows directory
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2248

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2148-132-0x0000000066800000-0x0000000066850000-memory.dmp

    Filesize

    320KB

  • memory/2248-142-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

  • memory/2248-143-0x00000000755A0000-0x0000000075B51000-memory.dmp

    Filesize

    5.7MB

  • memory/2248-144-0x00000000755A0000-0x0000000075B51000-memory.dmp

    Filesize

    5.7MB