Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

SSH2.exe

windows10-2004-x64

1

Resubmissions

08/08/2023, 09:22

230808-lb7gysbf52 3

08/08/2023, 09:21

230808-lbbqaabf47 3

Analysis

  • max time kernel
    13s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/08/2023, 09:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SSH2.exe

  • Size

    898KB

  • MD5

    9f38ce21c2fe48c1a6182fc5381d939b

  • SHA1

    0c7a81760344794c5abee0868ed0f3be6b528c26

  • SHA256

    a3c9f9604ba35edd9862897978841e0c9645fd1e56149b53668bf4d337e09185

  • SHA512

    49302857bea112c31365c2fa747813e09992b49dcdad4e462f5ba19457923462bf3144908eca2e8dccb7dc8817f9f35783c6ff651b3f831ea3e9cf979a62ff53

  • SSDEEP

    12288:K+vRfgPuRZc+andMhV9mHviw30I0FUYieQL9QA09b716tgdelrCCqiz:FOPkZc+LhLm6w30I0GYl6Girgiz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SSH2.exe
    "C:\Users\Admin\AppData\Local\Temp\SSH2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3644-133-0x0000000074560000-0x0000000074D10000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3644-134-0x00000000008F0000-0x00000000009D6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/3644-135-0x0000000005AE0000-0x0000000006084000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3644-136-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-137-0x0000000005530000-0x00000000055C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3644-138-0x00000000060B0000-0x00000000060BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3644-139-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-141-0x0000000074560000-0x0000000074D10000-memory.dmp

    Filesize

    7.7MB

    Download