Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

pivotAnima...-2.exe

windows7-x64

1

pivotAnima...-2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2023, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pivotAnimator_v2-2.exe

  • Size

    572KB

  • MD5

    285ba255e1e9d6afa2f8505fd484532e

  • SHA1

    5a88d532501652128ca3bb00ae7fdbdc757c5696

  • SHA256

    86f80bd5e2f0c81f2ccb3bc20f2fc2a9381934f557a9f8c760aae3d2abdfc0d9

  • SHA512

    83121dea33fbd9e58375830b2ead6e9533a78910603f96bfa294dada36f05f800b127f47073cb0ce32ea48f497022a54ccc5b78a73cfbc10ccbe1971a4987a41

  • SSDEEP

    12288:1ftU8otA3z0tuuJQX0pfd5Ehl3q89pfz/tpfB8:1y853z0tuuJQXOl5Ehl3q87Dp8

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 20 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pivotAnimator_v2-2.exe
    "C:\Users\Admin\AppData\Local\Temp\pivotAnimator_v2-2.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe
      "C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe"
      2⤵
      • Executes dropped EXE
      PID:4972
  • C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivot_v2-2.exe
    "C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivot_v2-2.exe" /VERYSILENT
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Users\Admin\AppData\Local\Temp\is-SIJBH.tmp\pivot_v2-2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SIJBH.tmp\pivot_v2-2.tmp" /SL5="$1024C,392138,54272,C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivot_v2-2.exe" /VERYSILENT
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe
    Filesize

    779KB

    MD5

    3346fb6c0d0073e43a6f7bffed38758d

    SHA1

    6e8eee796e60bd45c4b00d4696a8c1fa72bb98d1

    SHA256

    77dd82cb93c2b8f16b99317ac46a58dd3595e11c96891d0f67e5869ee1dcf161

    SHA512

    fcdc44428222ff6acb014a1375f452c697cf7d0e55d741948bdfeabfb52aa72796d01f6a706f2e324c6778bee7b2b93ed1b21328a41f37f893d96ffed6de9397

    Download Submit

  • C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe
    Filesize

    779KB

    MD5

    3346fb6c0d0073e43a6f7bffed38758d

    SHA1

    6e8eee796e60bd45c4b00d4696a8c1fa72bb98d1

    SHA256

    77dd82cb93c2b8f16b99317ac46a58dd3595e11c96891d0f67e5869ee1dcf161

    SHA512

    fcdc44428222ff6acb014a1375f452c697cf7d0e55d741948bdfeabfb52aa72796d01f6a706f2e324c6778bee7b2b93ed1b21328a41f37f893d96ffed6de9397

    Download Submit

  • C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe
    Filesize

    779KB

    MD5

    3346fb6c0d0073e43a6f7bffed38758d

    SHA1

    6e8eee796e60bd45c4b00d4696a8c1fa72bb98d1

    SHA256

    77dd82cb93c2b8f16b99317ac46a58dd3595e11c96891d0f67e5869ee1dcf161

    SHA512

    fcdc44428222ff6acb014a1375f452c697cf7d0e55d741948bdfeabfb52aa72796d01f6a706f2e324c6778bee7b2b93ed1b21328a41f37f893d96ffed6de9397

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Pivot_Animator_files\pivot_v2-2.exe
    Filesize

    625KB

    MD5

    7e17d07c077c785d63dcfad293b824be

    SHA1

    a589554ee426ab062f031fca07bc66f2c2e089fb

    SHA256

    325340951fc31d4910a4ab9ab3b66b85783a47d84414d422ee289314f343bff2

    SHA512

    102e7dbb31e2f1cbba3c458eb00e4945f9b05fd416a3bcc15498620d820b8370d1099d79edb5bace57824aceeba6aa78c00307f876ee71e127e65c99637417af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-SIJBH.tmp\pivot_v2-2.tmp
    Filesize

    688KB

    MD5

    c765336f0dcf4efdcc2101eed67cd30c

    SHA1

    fa0279f59738c5aa3b6b20106e109ccd77f895a7

    SHA256

    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

    SHA512

    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-SIJBH.tmp\pivot_v2-2.tmp
    Filesize

    688KB

    MD5

    c765336f0dcf4efdcc2101eed67cd30c

    SHA1

    fa0279f59738c5aa3b6b20106e109ccd77f895a7

    SHA256

    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

    SHA512

    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

    Download Submit

  • memory/208-141-0x000000001B5D0000-0x000000001B602000-memory.dmp

    Filesize

    200KB

    Download

  • memory/208-139-0x000000001B4F0000-0x000000001B502000-memory.dmp

    Filesize

    72KB

    Download

  • memory/208-133-0x0000000000030000-0x00000000000C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/208-142-0x000000001B590000-0x000000001B5AE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/208-143-0x000000001B5B0000-0x000000001B5CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/208-144-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-145-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-146-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-147-0x00007FF8AF970000-0x00007FF8B0431000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/208-148-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-149-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-150-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-151-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-140-0x000000001B570000-0x000000001B590000-memory.dmp

    Filesize

    128KB

    Download

  • memory/208-333-0x00007FF8AF970000-0x00007FF8B0431000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/208-138-0x000000001B630000-0x000000001B6E2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/208-137-0x000000001B520000-0x000000001B570000-memory.dmp

    Filesize

    320KB

    Download

  • memory/208-134-0x00007FF8AF970000-0x00007FF8B0431000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/208-136-0x000000001B890000-0x000000001BDB8000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/208-135-0x0000000002170000-0x0000000002180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2216-327-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2216-178-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4268-328-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4268-172-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4972-332-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-334-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download

  • memory/4972-335-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-338-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download