Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

064f64f786...71.exe

windows7-x64

10

064f64f786...71.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06/05/2023, 22:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    064f64f786dca12c052b72854095d23ae28a5a0fff32f2458158a7c8ad386171.exe

  • Size

    618KB

  • MD5

    95b4ed8d0970e066eeb69c015c020123

  • SHA1

    6544bfff3a57ebcd77599eb071aac69b5b50393c

  • SHA256

    064f64f786dca12c052b72854095d23ae28a5a0fff32f2458158a7c8ad386171

  • SHA512

    4dfc5defb7cf5b7f78b83049791b9d113b450e8ceaac6836cb3442cc2f3b5f1bb2c4b3b790c8b0978c84992dcf60747dbb0b2cd7fd7457107e7b739b75cd15f0

  • SSDEEP

    12288:Oy904wihH0OW3xIkaDVo2wj4H+N1yB2KCqD7OmnsT:OyHUvKoFtXlqDajT

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\064f64f786dca12c052b72854095d23ae28a5a0fff32f2458158a7c8ad386171.exe
    "C:\Users\Admin\AppData\Local\Temp\064f64f786dca12c052b72854095d23ae28a5a0fff32f2458158a7c8ad386171.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\39918282.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\39918282.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1484
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:1008

Network

    No results found
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
  • 185.161.248.142:38452
    kp811705.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
    Filesize

    464KB

    MD5

    4b000683d4fa7b04d94f120af3a6ba67

    SHA1

    2fa39a45493d10f4c7efd0e2065431fb05a91b64

    SHA256

    c79967d8c4c52bc7eb1f8334350ac7765d2329a28ea6794f34f6bb118f219cdb

    SHA512

    3903b6e673ab9e473ee64debafc50c7f376b9017c4c48731bb7556b7f115cc9e7ecac946266960fe797a5db2f94be9b490cc2c50f850d4a43dba3803c732715a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
    Filesize

    464KB

    MD5

    4b000683d4fa7b04d94f120af3a6ba67

    SHA1

    2fa39a45493d10f4c7efd0e2065431fb05a91b64

    SHA256

    c79967d8c4c52bc7eb1f8334350ac7765d2329a28ea6794f34f6bb118f219cdb

    SHA512

    3903b6e673ab9e473ee64debafc50c7f376b9017c4c48731bb7556b7f115cc9e7ecac946266960fe797a5db2f94be9b490cc2c50f850d4a43dba3803c732715a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\39918282.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\39918282.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
    Filesize

    464KB

    MD5

    4b000683d4fa7b04d94f120af3a6ba67

    SHA1

    2fa39a45493d10f4c7efd0e2065431fb05a91b64

    SHA256

    c79967d8c4c52bc7eb1f8334350ac7765d2329a28ea6794f34f6bb118f219cdb

    SHA512

    3903b6e673ab9e473ee64debafc50c7f376b9017c4c48731bb7556b7f115cc9e7ecac946266960fe797a5db2f94be9b490cc2c50f850d4a43dba3803c732715a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\st293748.exe
    Filesize

    464KB

    MD5

    4b000683d4fa7b04d94f120af3a6ba67

    SHA1

    2fa39a45493d10f4c7efd0e2065431fb05a91b64

    SHA256

    c79967d8c4c52bc7eb1f8334350ac7765d2329a28ea6794f34f6bb118f219cdb

    SHA512

    3903b6e673ab9e473ee64debafc50c7f376b9017c4c48731bb7556b7f115cc9e7ecac946266960fe797a5db2f94be9b490cc2c50f850d4a43dba3803c732715a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\39918282.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\kp811705.exe
    Filesize

    478KB

    MD5

    cdbab84493e0a54f88c264ca48c346b9

    SHA1

    2ca2e003be25c98d4fcdc85cfc77f2f8851f2d0c

    SHA256

    e53a7f045172922bf8ae9a22b0c3742eae66cb3bf06bb9f1f192637e9517025e

    SHA512

    77cf47c23a4f2be366d1ff8b0675ed3f24e5e4b09b82e60c02f1ea53961f287fbbcfd92860b8db524101dd3e6bec7da0b8c0dc40002f95a77c9c5bf8af13062a

    Download Submit

  • memory/1008-109-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-121-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-85-0x0000000001080000-0x00000000010BA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1008-86-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-87-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-89-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-91-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-93-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-97-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-95-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-99-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-101-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-103-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-105-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-107-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-83-0x0000000000250000-0x0000000000296000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1008-111-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-113-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-115-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-117-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-119-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-84-0x0000000001040000-0x000000000107C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1008-125-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-123-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-127-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-129-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-131-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-133-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-135-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-137-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-139-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-141-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-143-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-145-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-147-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-149-0x0000000001080000-0x00000000010B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1008-331-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1008-333-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1008-880-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1008-882-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1008-883-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1008-885-0x0000000005040000-0x0000000005080000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1484-72-0x0000000000D10000-0x0000000000D1A000-memory.dmp

    Filesize

    40KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.