Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

file.exe

windows7-x64

6

file.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.8MB

  • MD5

    13adf671ae056aa0e01e696c05736758

  • SHA1

    151edf47d4cf1f8bebe095502b4f4e8ed06dc59b

  • SHA256

    68837e50b37413708ed70f69651613342706345d14d3c2c21ed8ca3e298e5115

  • SHA512

    ae8b633b4234bb470b4acc16c267086a69c12ee6b5bc292b44d1b5536ee47c9517a7201c5f424224938ea5e9875a9ed7f0bef1e9ddd62876cfc12287870e67bf

  • SSDEEP

    12288:3y7uix2TBXVnBGw4I/6QTdp7lRpIlfMer5iiTvdyyF55bI8NMXzpuwFKzCctAtdX:SFzMXzAwPZ

Score
6/10
spyware

Malware Config

Signatures

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:980
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4732

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2880-133-0x00000000007E0000-0x00000000009BC000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2880-134-0x0000000005720000-0x0000000005CC4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2880-135-0x0000000005170000-0x0000000005202000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2880-136-0x0000000005210000-0x00000000052AC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2880-137-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-138-0x0000000005EA0000-0x0000000005EAA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2880-139-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-140-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-141-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-142-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-143-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-144-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2880-145-0x0000000005F30000-0x0000000005F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4732-146-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

      Download

    • memory/4732-148-0x0000000008110000-0x0000000008728000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4732-149-0x0000000007BB0000-0x0000000007BC2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4732-150-0x0000000007CE0000-0x0000000007DEA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4732-151-0x0000000007C10000-0x0000000007C4C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4732-152-0x0000000007F30000-0x0000000007F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4732-153-0x0000000007FB0000-0x0000000008016000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4732-154-0x0000000008FF0000-0x0000000009066000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4732-155-0x000000000A3B0000-0x000000000A572000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4732-156-0x000000000AAB0000-0x000000000AFDC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4732-157-0x0000000009140000-0x000000000915E000-memory.dmp

      Filesize

      120KB

      Download