Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

#TN#105395...DF.scr

windows7-x64

3

#TN#105395...DF.scr

windows10-1703-x64

5

#TN#105395...DF.scr

windows10-2004-x64

5

Analysis

  • max time kernel
    129s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/07/2023, 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    #TN#1053958936#306E#TWKN.PDF.scr

  • Size

    676KB

  • MD5

    384c43c53e26b04077e7ffe810574718

  • SHA1

    9e82f9731837dfe4bd38f73da095ec27c5c4b9ff

  • SHA256

    224d047b62d6fd457253d627ac088bd3076b2ffe137df3ffaf918e73bb4f684f

  • SHA512

    bcfb5a4b38aa0e21a838c4a238359ec8050db9d05b0ece7bdfc482e70bec47d08e336a36f768f3b70153c7b610a18692e17fe8c3d04904e0547413c11374061a

  • SSDEEP

    12288:uPYPfY7iHnWpD3Y/MtlxcV2RtalYkvLPJsBYDu3tcmowXlLWD:uPYPgrpLYEtlntmLvzJsBCOtcyLg

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\#TN#1053958936#306E#TWKN.PDF.scr
    "C:\Users\Admin\AppData\Local\Temp\#TN#1053958936#306E#TWKN.PDF.scr" /S
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\#TN#1053958936#306E#TWKN.PDF.scr
      "C:\Users\Admin\AppData\Local\Temp\#TN#1053958936#306E#TWKN.PDF.scr"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2084-125-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2084-126-0x0000000007350000-0x000000000735A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2084-119-0x0000000005000000-0x00000000054FE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2084-120-0x0000000004A40000-0x0000000004AD2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2084-121-0x0000000004CA0000-0x0000000004CB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2084-122-0x0000000004A00000-0x0000000004A0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2084-118-0x0000000073E70000-0x000000007455E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2084-123-0x0000000004C70000-0x0000000004C7E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2084-117-0x0000000000100000-0x00000000001B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2084-124-0x0000000073E70000-0x000000007455E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2084-127-0x0000000007680000-0x00000000076F4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2084-128-0x0000000009E20000-0x0000000009EBC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2084-131-0x0000000073E70000-0x000000007455E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3876-129-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3876-132-0x0000000001810000-0x0000000001B30000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3876-133-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download