Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
25/08/2023, 22:57
General
-
Target
f91db36135a994d00b92ec2b1be0fca9.exe
-
Size
3.0MB
-
MD5
f91db36135a994d00b92ec2b1be0fca9
-
SHA1
4219943320a7f291a4da37aed89bce5a4a09e250
-
SHA256
f3aba98cd53c71d4d5e917e9e1fd43e3db61b46c59610eefba45b8c81f3e68ff
-
SHA512
48ffd9c8af8019e9e3ae2a5bd479d5eb7ff815e7b9b8bf3887d8528a6e796af7d0ab17f300afadaf24cc24a2fdffd2dff73ba2062903a7f8df40c5e5521f0db9
-
SSDEEP
49152:mwOiIXJQSGd77+om1nVr6AZxPbxlhqhMKucCuTOgVrp7vRo6JE3CGiiFlENhh4xM:mT5af+tF6UxPFlQ+KdnESGNFe4xLafv
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f91db36135a994d00b92ec2b1be0fca9.exe"C:\Users\Admin\AppData\Local\Temp\f91db36135a994d00b92ec2b1be0fca9.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell set-mppreference -exclusionpath C:\3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
256KB
-
Filesize
3.0MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
6.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
3.1MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
2.9MB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
304KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
5.7MB