Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d4e9513a59...48.exe

windows7-x64

d4e9513a59...48.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    260s
  • max time network
    373s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 17:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4e9513a59cdf7c5c8929167269ccadc288673a8d64251b4f40e10a92a188d48.exe

  • Size

    113KB

  • MD5

    dd81bf48be10ab867cbce265d02a7fa9

  • SHA1

    08e7e322aa569e2d621ef4c7a15804e7953e9176

  • SHA256

    d4e9513a59cdf7c5c8929167269ccadc288673a8d64251b4f40e10a92a188d48

  • SHA512

    66078b4cfc4c9cefa781d562705b8471ad3ea79fc914a399b11b960f40705c0f59b30728551d4307bb8010d0c7c35459963302bee51aa8ee81038576a7406d52

  • SSDEEP

    1536:X5LnbKjp2Lvu9v8iFXItzM63a/jp20q7c88dSaR5AI988af95p1Xmsoew/lDtW:JLbKjoLvgv8KSQ+g203S25Kd1Wsovto

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4e9513a59cdf7c5c8929167269ccadc288673a8d64251b4f40e10a92a188d48.exe
    "C:\Users\Admin\AppData\Local\Temp\d4e9513a59cdf7c5c8929167269ccadc288673a8d64251b4f40e10a92a188d48.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:604
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39ae055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1908

Network

    No results found
  • 93.184.220.29:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 20.189.173.12:443
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/604-132-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/604-133-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.