Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

winHTTP.exe

windows7-x64

1

winHTTP.exe

windows10-2004-x64

1

Resubmissions

22/05/2023, 10:31

230522-mkghkaad6t 3

22/05/2023, 10:00

230522-l1xdaafe75 3

22/05/2023, 09:58

230522-lzv4tsfe72 3

22/05/2023, 09:57

230522-lyz2dsac5z 3

Analysis

  • max time kernel
    30s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2023, 09:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winHTTP.exe

  • Size

    71KB

  • MD5

    42350d934e950efe84485f138baea04a

  • SHA1

    365e36db858e8d07fecf25a437386180b3a8e3ec

  • SHA256

    cc3530b39340965530cb06d3cf7c100cc03542dbb988830b86490f0d26934fb3

  • SHA512

    1406c9620c2a2bb2cd4d16f4968f24a0f494aed50f179c5f283f00e75c818d1ee1f35e0a5e81c2bfa415e9071980dfb03fdf801e4e87068b608eb8ddcfbd8471

  • SSDEEP

    768:F6+27TkhNSsp9b2mNCK66vBWvBNLEaLt:FN2naSgkmUK66pWvBNYe

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winHTTP.exe
    "C:\Users\Admin\AppData\Local\Temp\winHTTP.exe"
    1⤵
      PID:1192
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2668

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1192-133-0x00007FF7CFC10000-0x00007FF7CFC38000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2668-134-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-135-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-136-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-141-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-140-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-142-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-143-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-144-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-145-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-146-0x0000021345EE0000-0x0000021345EE1000-memory.dmp

      Filesize

      4KB

      Download