Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0ad417395a...2f.exe

windows7-x64

10

0ad417395a...2f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06/05/2023, 20:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ad417395aa118aed3d3b7a3a0185780c62defe77606f5c82f9f35189d0a8d2f.exe

  • Size

    1.2MB

  • MD5

    040da786631a25243976d24a86dc971f

  • SHA1

    66cf699fa4d91c5117a15896a39252a865edf98c

  • SHA256

    0ad417395aa118aed3d3b7a3a0185780c62defe77606f5c82f9f35189d0a8d2f

  • SHA512

    d59b969befeed95ccc0b56ad7ba6c0e6a6d895c4634f740438b16f035b2e27b90eb204b67a8efce9cb3cca76fefaad645d22b6a30692f15d4437526b82288b78

  • SSDEEP

    24576:AJTQ1MCZCJyl7wU5zv38snXz/fbJufQkK/DmkzG66jWSZ2dAA7Ul26:AJWM1m775zv3VXDtIQgkzG6Lm2D7Ul2

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 10 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ad417395aa118aed3d3b7a3a0185780c62defe77606f5c82f9f35189d0a8d2f.exe
    "C:\Users\Admin\AppData\Local\Temp\0ad417395aa118aed3d3b7a3a0185780c62defe77606f5c82f9f35189d0a8d2f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1076
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
          4⤵
          • Modifies Windows Defender Real-time Protection settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Windows security modification
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1152
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          PID:1940

Network

    No results found
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
  • 185.161.248.142:38452
    297062213.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\VZ957923.exe
    Filesize

    764KB

    MD5

    930848f4d972b28d262031b300e6a9fd

    SHA1

    042c87a19d6faa9ac1875df7b0d2b2e6e0e88832

    SHA256

    df2d2033319c4bde307ed96c4ff802f3fad906de8bb0aa2fefec5e8f5b40e726

    SHA512

    6a9ac5f14e41f067807ecac05e3fa151677d0cbf9d51eaef6d953b1cf73dbfea6c6ca7d2aa9299052a3d077338a3bcc79c5af22f2e779a6f23085e1d9b4fe60a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\HG058549.exe
    Filesize

    592KB

    MD5

    4411c57112249950167e2fb10f3a5c21

    SHA1

    7ad1819dd9d6b34d5b189921ab4c0f9a945f7deb

    SHA256

    581bcb58ddb1cd357ead0f01f7fad35528e2f94752e894d8cb16b52bb6f7cde3

    SHA512

    6f0c00bd7cfbc18e476584458b861ce13ba40b3f771b579c2a55524af102fdfd0dc9bace19749e140041fdf9c225733bff619de2041a18f32f4ed8b01b61bb89

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\190709580.exe
    Filesize

    378KB

    MD5

    aa77ef7b31187dab2126982db6bddf63

    SHA1

    60c0c53ca68c8a166472150554d4f7d31a0605db

    SHA256

    3c77f59c2c955bb799e085c3ae2171f7074cc9f54d725555b37fed026b217681

    SHA512

    75fdeda4eb64fd77e5b54c4efc4ca1ef8d21d699f2f3bb40e80714bb72aeddf72172d3d6b65b6d26eb9e9b5b3cb70ecc78d7e7a3a1d3fdbd4771d117887c1622

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP002.TMP\297062213.exe
    Filesize

    460KB

    MD5

    85f72579f89826037f808def050f90cb

    SHA1

    b14075137fc622bd4edf6a5de3e04ff6c39ff9cb

    SHA256

    e4794dce180548fb580a671092b41708f0e6a4af78b545ec9670dd7164164c2d

    SHA512

    28d86e1f8747c3329088d3fd82972e59826d500cf8ed5eccb3fbc045fa6280c877d0ef4ecb84e8f78f3a25fe768396a6a20c1379790f8232c32980144d5cffa4

    Download Submit

  • memory/836-54-0x00000000021F0000-0x00000000022ED000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/836-61-0x0000000002390000-0x0000000002496000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/836-123-0x0000000000400000-0x00000000008E1000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1152-122-0x0000000004E70000-0x0000000004EB0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1152-102-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-104-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-110-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-108-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-106-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-112-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-114-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-116-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-118-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-120-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-121-0x0000000004E70000-0x0000000004EB0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1152-100-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-98-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-124-0x0000000000400000-0x0000000000804000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1152-125-0x0000000000400000-0x0000000000804000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1152-96-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-94-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-93-0x00000000009E0000-0x00000000009F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1152-92-0x00000000009E0000-0x00000000009F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1152-91-0x00000000003D0000-0x00000000003EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1152-90-0x0000000000250000-0x000000000027D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1940-139-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-155-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-138-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-136-0x0000000002550000-0x000000000258C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1940-143-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-141-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-145-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-147-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-153-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-151-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-149-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-159-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-157-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-137-0x0000000002840000-0x000000000287A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1940-163-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-161-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-167-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-165-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-169-0x0000000002840000-0x0000000002875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1940-545-0x0000000000360000-0x00000000003A6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1940-547-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-551-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-549-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-935-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-938-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-939-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-940-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1940-942-0x0000000004F10000-0x0000000004F50000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.