Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a9a8dad742...a7.exe

windows7-x64

10

a9a8dad742...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    307s
  • max time network
    337s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 18:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9a8dad74248edb2ffe47d02dd1af4a7.exe

  • Size

    674KB

  • MD5

    a9a8dad74248edb2ffe47d02dd1af4a7

  • SHA1

    b04ea4f64c22d78b297c3ef715d9add277dffe4d

  • SHA256

    fd50f8a4b47eb7346622a6dce9aad13c912d73fa5bffd0e891879f79c64f89b7

  • SHA512

    f3ecb64a2c22ca88bd062f62301d4c5605e9e047673692a172a356ee796ec274ec295bdf7ae42055d699141bfc64956d57272a671e30bd7b576dd0cb9d3a8627

  • SSDEEP

    12288:ey9084ldMM0r9HdHOJ+PecfR9XrIhyQ1xwGXjOoiwyWaxuvZ:eyGldmRhP5fR9XrMyDkvjzIuvZ

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9a8dad74248edb2ffe47d02dd1af4a7.exe
    "C:\Users\Admin\AppData\Local\Temp\a9a8dad74248edb2ffe47d02dd1af4a7.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st755619.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st755619.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1408
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\42255789.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\42255789.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3584
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp671344.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp671344.exe
        3⤵
        • Executes dropped EXE
        PID:628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st755619.exe
    Filesize

    520KB

    MD5

    a46267554be7386ed24bdf1f0bdf0924

    SHA1

    6835d300adf924427af1c34f554ae2aaf86d0492

    SHA256

    c9280c47e2b7e8824a7c5e3ed3200b13e65e9ebcfe7c751bb97bc363a3f013c5

    SHA512

    0c68287963ce511eb1ce2af8dd80029d17e8baed57f0339945198b8324250b04393ca11f42230fe7d934d4c9cd37b236e1dfa3337ee4ea04cc4cfe96d86902e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st755619.exe
    Filesize

    520KB

    MD5

    a46267554be7386ed24bdf1f0bdf0924

    SHA1

    6835d300adf924427af1c34f554ae2aaf86d0492

    SHA256

    c9280c47e2b7e8824a7c5e3ed3200b13e65e9ebcfe7c751bb97bc363a3f013c5

    SHA512

    0c68287963ce511eb1ce2af8dd80029d17e8baed57f0339945198b8324250b04393ca11f42230fe7d934d4c9cd37b236e1dfa3337ee4ea04cc4cfe96d86902e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\42255789.exe
    Filesize

    175KB

    MD5

    a165b5f6b0a4bdf808b71de57bf9347d

    SHA1

    39a7b301e819e386c162a47e046fa384bb5ab437

    SHA256

    68349ed349ed7bbb9a279ac34ea4984206a1a1b3b73587fd1b109d55391af09a

    SHA512

    3dd6ca63a2aecb2a0599f0b918329e75b92eb5259d6986bd8d41cb8ebcf7b965bbd12786929d61743ae8613c2e180078f2eed2835ccb54378cd343c4a048c1a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\42255789.exe
    Filesize

    175KB

    MD5

    a165b5f6b0a4bdf808b71de57bf9347d

    SHA1

    39a7b301e819e386c162a47e046fa384bb5ab437

    SHA256

    68349ed349ed7bbb9a279ac34ea4984206a1a1b3b73587fd1b109d55391af09a

    SHA512

    3dd6ca63a2aecb2a0599f0b918329e75b92eb5259d6986bd8d41cb8ebcf7b965bbd12786929d61743ae8613c2e180078f2eed2835ccb54378cd343c4a048c1a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp671344.exe
    Filesize

    415KB

    MD5

    f6eb3e3c8cb436937565f895b77e1f80

    SHA1

    fbb9bb0f48853bb9332305170d062ae9f5062e87

    SHA256

    2bae93fbb7cc07a338e728a26b7e4d44797872d2eda3d182936ee5a1fcb7da6d

    SHA512

    28a8b98b7ba4a92b1eb4cf57909805426ecad7702b12aaf0c62a9d394f4990b2049be5ec13c554e280746852cf5c5bf1d0ccaa6ddaeb6a54695665dd391d6c46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp671344.exe
    Filesize

    415KB

    MD5

    f6eb3e3c8cb436937565f895b77e1f80

    SHA1

    fbb9bb0f48853bb9332305170d062ae9f5062e87

    SHA256

    2bae93fbb7cc07a338e728a26b7e4d44797872d2eda3d182936ee5a1fcb7da6d

    SHA512

    28a8b98b7ba4a92b1eb4cf57909805426ecad7702b12aaf0c62a9d394f4990b2049be5ec13c554e280746852cf5c5bf1d0ccaa6ddaeb6a54695665dd391d6c46

    Download Submit

  • memory/3584-162-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-168-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-151-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-152-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-154-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-156-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-158-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-160-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-149-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-164-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-166-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-150-0x0000000004D30000-0x00000000052D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3584-170-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-172-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-174-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-176-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-178-0x0000000004BD0000-0x0000000004BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3584-179-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-180-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-181-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-148-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3584-147-0x0000000004D20000-0x0000000004D30000-memory.dmp

    Filesize

    64KB

    Download