Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

Extreme In...v3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    33s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2023, 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Extreme Injector v3.exe

  • Size

    1.9MB

  • MD5

    ec801a7d4b72a288ec6c207bb9ff0131

  • SHA1

    32eec2ae1f9e201516fa7fcdc16c4928f7997561

  • SHA256

    b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46

  • SHA512

    a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac

  • SSDEEP

    49152:NNEVtO1U1y1DDDDDD7Llngq7NNMqU0p2Vhk9a:NNEVJyZlng4p2V

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Extreme Injector v3.exe
    "C:\Users\Admin\AppData\Local\Temp\Extreme Injector v3.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2116

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
    Filesize

    28KB

    MD5

    d31ebe6ba1190ca68968ee958a4a6ecf

    SHA1

    b172a158179b8a9d2bd2c806db8f967c8c099db7

    SHA256

    6d5db4de1c005c507dd6297e2e3b282d112933a00be2a7602b490ec567d36fb2

    SHA512

    b2f39f56bcc2256f6a2f1a97366b5ccbd37a35671160ea0bc73605720c94eaef2f8fac75ec5b288222495ab7706c6ee01dd5ce9da078b51e18944f49016cefc3

    Download Submit

  • memory/2116-133-0x0000000000600000-0x00000000007E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2116-134-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-135-0x000000001C250000-0x000000001C262000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2116-136-0x000000001E8A0000-0x000000001E8DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2116-138-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-139-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-140-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-141-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-144-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2116-150-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

    Filesize

    64KB

    Download