Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    53s
  • max time network
    65s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/06/2023, 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70497b36ef699bece876e62c4ff4ec66f227cabeaf3730508a869ddc94883ce5.exe

  • Size

    121KB

  • MD5

    294c6778c0b5de1d617a48ff0f690f58

  • SHA1

    94b8e5eaeef8dca78cb4c438dee3583521939dd0

  • SHA256

    70497b36ef699bece876e62c4ff4ec66f227cabeaf3730508a869ddc94883ce5

  • SHA512

    0c56dd8d361965386e67b9883589da9a1d00f36d58de882648ffb713919e93dd0fc3b38c74358e8eb4016ed9f34e42f26e4f12642f7bf78cbece82a858fdcaca

  • SSDEEP

    3072:X9QLdsON8xxwaTq29LjK++E7LfWv98oyhuWVFrag1shbYrtvx:tQLvN8VTkEOWVFmZh8rt

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70497b36ef699bece876e62c4ff4ec66f227cabeaf3730508a869ddc94883ce5.exe
    "C:\Users\Admin\AppData\Local\Temp\70497b36ef699bece876e62c4ff4ec66f227cabeaf3730508a869ddc94883ce5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3412
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 492
      2⤵
      • Program crash
      PID:5032

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3412-121-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download