Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

c30ab3c11b...8e.exe

windows7-x64

1

c30ab3c11b...8e.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 11:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c30ab3c11b97bb75e87a69ce38056e0e38584c7bd92067a62a41d6a4d4ef828e.exe

  • Size

    204KB

  • MD5

    feedd0af3135c277aa75f2ab9a86965d

  • SHA1

    c3a7f0dbe7969cf0348335326b6d3740f8c9ff64

  • SHA256

    c30ab3c11b97bb75e87a69ce38056e0e38584c7bd92067a62a41d6a4d4ef828e

  • SHA512

    3e94cef07a849a4e3eb3fd6d1dca98021ad974cc466e5fcf62cef63db5986f9b9cde25f6870d353bfec3942d771bdbe2024174d2cef87df735265fffcb4fcf9e

  • SSDEEP

    6144:EKUrg0PTbOu4CCE1jqAO3iScrpIcGm+WhEZRmY8:EK8xOvCCijqAyNcjxI58

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c30ab3c11b97bb75e87a69ce38056e0e38584c7bd92067a62a41d6a4d4ef828e.exe
    "C:\Users\Admin\AppData\Local\Temp\c30ab3c11b97bb75e87a69ce38056e0e38584c7bd92067a62a41d6a4d4ef828e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2232 -s 2056
      2⤵
        PID:2944

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab56F8.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5749.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit

    • C:\Users\Admin\AppData\Local\Zander_Tools\c30ab3c11b97bb75e87a69ce3_Url_ds0y5eqkg1akw3g2raos45wmosgcahay\1.6.0.34738\pujjnxgp.newcfg
      Filesize

      1KB

      MD5

      3f1c4972ebd4f58144786466fb4953fa

      SHA1

      8ae0d4d7dbfd29b181c4ef57caa2dffc4ed89c2c

      SHA256

      4313b3b0042349d91d672141cd2c6dff97deb1ed7242804b1c785aedb4756442

      SHA512

      7c8c7861a3ef51dd3c953968d50f7543197f377a7ae09b46aeb4aa53edd3ef7ee036ed55e60aadc3bdd3baaaf483d2086276cecf9e69c7086d08a94c6d7774fc

      Download Submit

    • C:\Users\Admin\AppData\Local\Zander_Tools\c30ab3c11b97bb75e87a69ce3_Url_ds0y5eqkg1akw3g2raos45wmosgcahay\1.6.0.34738\user.config
      Filesize

      827B

      MD5

      a71b2875cb982f979bb5140665c8e712

      SHA1

      3c073001a408355517bd6b3bf7e0dffde034f994

      SHA256

      343789c61269549defc214994be390833db47815a063e35436b104e7e4424a8f

      SHA512

      e69f2e4ad1de075e747f4b510ce1ac30ce1d247673783501ae2005886b4bb2dc02b59dc4a076dd99714cb3ebad4aaa431bf00a59fe2da771282a83b63b6d3ddd

      Download Submit

    • C:\Users\Admin\AppData\Local\Zander_Tools\c30ab3c11b97bb75e87a69ce3_Url_ds0y5eqkg1akw3g2raos45wmosgcahay\1.6.0.34738\user.config
      Filesize

      979B

      MD5

      d3bb41c18d0eb584a08dd44c23b81808

      SHA1

      e94fcab6e00ae8a47be30577b0601a010072924d

      SHA256

      5f7f94815bb8f88894f31efb4b37dcf4158e45b413c07d41e8d1d869c15b7ae3

      SHA512

      108a64b151a605c31aec7a434f35c8d24865d2f4364ebbf24a503d907ca6ce1ba413cbcb268aedf149acd1826d67b44c29d3528adee5f70036b198676c122069

      Download Submit

    • memory/2232-5-0x00000000003E0000-0x00000000003EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2232-4-0x00000000003E0000-0x00000000003EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2232-3-0x000000001AC50000-0x000000001ACD0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2232-2-0x0000000002080000-0x00000000020DC000-memory.dmp

      Filesize

      368KB

      Download

    • memory/2232-0-0x0000000000C40000-0x0000000000C76000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2232-1-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2232-104-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2232-105-0x000000001AC50000-0x000000001ACD0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2232-106-0x00000000003E0000-0x00000000003EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2232-107-0x00000000003E0000-0x00000000003EA000-memory.dmp

      Filesize

      40KB

      Download