Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bf136bd0d7...ea.exe

windows7-x64

1

bf136bd0d7...ea.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    58s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2023, 19:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf136bd0d7568d3db33aede1e943caea.exe

  • Size

    624KB

  • MD5

    bf136bd0d7568d3db33aede1e943caea

  • SHA1

    73167832a6b1cc08fc605b8fc5045ff54331c73f

  • SHA256

    3f22bd2e20b994c404cdc3fd87820817b32c3471d003c3156186ecac22936022

  • SHA512

    026c54ae5c7cca5362528b309bd5914cdb06c2fde62df8ac0c62a834c6501109436abdfd8353934e4f2d2830f74268f0592b14564a580c95a2b8b6729cc91a68

  • SSDEEP

    12288:31ni4IycA7XRrWBkz0eSZ0fso2f96VgCf/v9+pM6DkqkvB:31kG8CzXKe32qv/vopMwkqi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
    "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
      "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
      2⤵
        PID:1752
      • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
        "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
        2⤵
          PID:1040
        • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
          "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
          2⤵
            PID:1572
          • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
            "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
            2⤵
              PID:1296
            • C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
              "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
              2⤵
                PID:1596

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1236-54-0x00000000003D0000-0x0000000000472000-memory.dmp

              Filesize

              648KB

              Download

            • memory/1236-55-0x0000000004D10000-0x0000000004D50000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1236-56-0x0000000000290000-0x00000000002A2000-memory.dmp

              Filesize

              72KB

              Download

            • memory/1236-57-0x0000000004D10000-0x0000000004D50000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1236-58-0x00000000004E0000-0x00000000004EC000-memory.dmp

              Filesize

              48KB

              Download

            • memory/1236-59-0x00000000057F0000-0x0000000005858000-memory.dmp

              Filesize

              416KB

              Download

            • memory/1236-60-0x00000000044E0000-0x0000000004512000-memory.dmp

              Filesize

              200KB

              Download

            We care about your privacy.

            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.