Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

k8704938.exe

windows7-x64

10

k8704938.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2023, 04:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    k8704938.exe

  • Size

    184KB

  • MD5

    58dba47f9c7d53ae734da0f314af09b1

  • SHA1

    85146261b71e0bfdbb5854b77d72f4cd3b461d89

  • SHA256

    97399d4a530ea277cb9502555ee3d85100e1e9a1c56a173fa6c570df0c5f88a4

  • SHA512

    f1a0f7802130e119979afe60f254e659e0eaf141c5a8618a143d3eecff4d038681f9cfccf9af190fed269018cd8897d59e432a545aaac5af8c3e724d21a19e64

  • SSDEEP

    3072:mDKW1LgppLRHMY0TBfJvjcTp5XNSolP1DF3HECsxU6f:mDKW1Lgbdl0TBBvjc/NS61DF3EJU

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\k8704938.exe
    "C:\Users\Admin\AppData\Local\Temp\k8704938.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:324

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/324-54-0x0000000001F00000-0x0000000001F1E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/324-55-0x0000000001F70000-0x0000000001F8C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/324-56-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-57-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-59-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-61-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-63-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-65-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-67-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-71-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-69-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-77-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-75-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-73-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-81-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-79-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-83-0x0000000001F70000-0x0000000001F86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/324-84-0x0000000004800000-0x0000000004840000-memory.dmp

    Filesize

    256KB

    Download

  • memory/324-85-0x0000000004800000-0x0000000004840000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.