Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

c5d5420101...82.exe

windows7-x64

c5d5420101...82.exe

windows10-2004-x64

Analysis

  • max time kernel
    47s
  • max time network
    102s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 06:24

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    c5d542010124f44d87f7a43d827a81501e797ed86b77e0e57565fe1e55ddd482.exe

  • Size

    96KB

  • MD5

    04fa822abc8f704562ea27831d4e7a3f

  • SHA1

    2f596558755098e4610a6cd7e0f7d366a3272a7a

  • SHA256

    c5d542010124f44d87f7a43d827a81501e797ed86b77e0e57565fe1e55ddd482

  • SHA512

    ea61d26aa0d314cd695bb6c648a7c68609aad8278a6010ad8a6789ae9321ab7310fd863ddd0bda181b2040c5584ccfba202883a1c9a8e9f7c05a53b2a59df6a4

  • SSDEEP

    1536:J1tQMAZtMu1QZ6werwhrsDjRN1RF5CcHvC5udKETfhesoWG/NajoO5iBgmQB:J1tQM4tMwQZC0hrWN1w2bdKOe9/Mjopi

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5d542010124f44d87f7a43d827a81501e797ed86b77e0e57565fe1e55ddd482.exe
    "C:\Users\Admin\AppData\Local\Temp\c5d542010124f44d87f7a43d827a81501e797ed86b77e0e57565fe1e55ddd482.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2040
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:460
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1688

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/460-57-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2040-54-0x00000000761E1000-0x00000000761E3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2040-55-0x0000000001000000-0x0000000001019000-memory.dmp

        Filesize

        100KB

        Download

      • memory/2040-56-0x0000000001000000-0x0000000001019000-memory.dmp

        Filesize

        100KB

        Download