Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

WinXray.exe

windows7-x64

6

WinXray.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    137s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinXray.exe

  • Size

    4.8MB

  • MD5

    462ec930575e457d06ef08020c5ecfa9

  • SHA1

    9ddfa560defde039309adfb17d6d7477898b9d21

  • SHA256

    bf71c816244b237ee5c67de325164d20b151af9d8ed2570a6d4be9a3902f3a37

  • SHA512

    8509b95dc7bbfaabc4eb45bbe6a7c1af52e08a7f1fbe4c2c3231c1bb1c261cb099efc253d8ec01e04fbf0d45b882eb57a2a98ce754b9e6e2b0571929ed5f2ccf

  • SSDEEP

    98304:h9vP01k7vBnuFznQ65cOgbBAUZLp/k/9u:PvPzwMVFsw

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinXray.exe
    "C:\Users\Admin\AppData\Local\Temp\WinXray.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5N1CMJ9\connecttest[1].txt
    Filesize

    22B

    MD5

    04c3fc4a88588ee47d33d066920ac410

    SHA1

    c49d3bb4c93b31e2ce67fa23e93464adf902e9d9

    SHA256

    5e9a7996fe94d7be10595d7133748760bf8348198b71b7a50fd8affaa980ac61

    SHA512

    114c22ee28dc2ebfff32b1ee3d2e91d10fdf718645fe91caf3842e0b395fc61ce3e975829ac9cb759764a8e7a1865b49210e05916c6e1629103a5b5a22cc65a3

    Download Submit

  • memory/1712-58-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1712-81-0x0000000010000000-0x0000000010028000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1712-105-0x0000000003F80000-0x0000000003F98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1712-109-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download