Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

93ec9cf649...45.exe

windows7-x64

5

93ec9cf649...45.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    66s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/02/2023, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93ec9cf64967ae7949104a8dbfad0645.exe

  • Size

    606KB

  • MD5

    93ec9cf64967ae7949104a8dbfad0645

  • SHA1

    bc87fdcf955b50d8a14ca1313ab0dc0ba4fad464

  • SHA256

    4e8729cec052302332f77edcfed6d5c7c8856dd9574afdae822f3c66d918e261

  • SHA512

    c73b6575b873fcad8d015f2c3648062cc7d47b05ba5f7ef32e18ff4879082557f488686037f8dfe8cb36d8230b4e34693d5df56e27b3d6127977276292a1ffc1

  • SSDEEP

    12288:b5EoeB2gIXaqRsQI4Fvf20482V9Ty8ZQvT811+dLBuIGxaD9Fqf24Yp:+oY25lxf2047TT5Qvg4dJGxaDSe4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe
    "C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe
      "C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe"
      2⤵
        PID:332
      • C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe
        "C:\Users\Admin\AppData\Local\Temp\93ec9cf64967ae7949104a8dbfad0645.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2308

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2308-139-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/2308-140-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/2308-141-0x0000000001430000-0x000000000177A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/2440-132-0x0000000000760000-0x00000000007FC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2440-133-0x00000000056C0000-0x0000000005C64000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2440-134-0x00000000051B0000-0x0000000005242000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2440-135-0x00000000051A0000-0x00000000051AA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2440-136-0x0000000007BE0000-0x0000000007C7C000-memory.dmp

      Filesize

      624KB

      Download