Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

FlashPatch.exe

windows7-x64

1

FlashPatch.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 11:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FlashPatch.exe

  • Size

    183KB

  • MD5

    9f9aa110164af44b441f256e3e6bd109

  • SHA1

    406f9c71fa545921089552a66b3a3bbae1610c4d

  • SHA256

    2965f5b73da457b36b5f3e6332d7d7671076280bc36c5ecf18496085ea3762cb

  • SHA512

    12f03e824ecef014f51cfb3e767c32db24c38e4d03d9461c61a5a68371e3410db29e04acaa2a6690deecb079122c4096db79f59944a500517e25c25abb9eb83d

  • SSDEEP

    1536:hqR5x4yk27MQ0AdAbYt+1rjYzta+LJAyklxJA4keH:h+x4yk2YQ9uYg1KPJAyCxJA4lH

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FlashPatch.exe
    "C:\Users\Admin\AppData\Local\Temp\FlashPatch.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:2560

Network

  • flag-us
    DNS
    api.github.com
    FlashPatch.exe
    Remote address:
    8.8.8.8:53
    Request
    api.github.com
    IN A
    Response
    api.github.com
    IN A
    140.82.114.5
  • flag-us
    GET
    https://api.github.com/repos/darktohka/FlashPatch/releases/latest
    FlashPatch.exe
    Remote address:
    140.82.114.5:443
    Request
    GET /repos/darktohka/FlashPatch/releases/latest HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
    Host: api.github.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: GitHub.com
    Date: Wed, 11 Oct 2023 20:37:31 GMT
    Content-Type: application/json; charset=utf-8
    Cache-Control: public, max-age=60, s-maxage=60
    Vary: Accept, Accept-Encoding, Accept, X-Requested-With
    ETag: W/"0004daeb912665ff7ef47d3a2fe9beaccdff6758ab940953906b6cffa4ec163c"
    Last-Modified: Mon, 04 Sep 2023 16:21:19 GMT
    X-GitHub-Media-Type: github.v3; format=json
    x-github-api-version-selected: 2022-11-28
    Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
    Access-Control-Allow-Origin: *
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
    Content-Security-Policy: default-src 'none'
    X-RateLimit-Limit: 60
    X-RateLimit-Remaining: 59
    X-RateLimit-Reset: 1697060251
    X-RateLimit-Resource: core
    X-RateLimit-Used: 1
    Accept-Ranges: bytes
    Content-Length: 4152
    X-GitHub-Request-Id: C02D:52C6:F7EBB2:1F67C55:65270782
  • 140.82.114.5:443
    https://api.github.com/repos/darktohka/FlashPatch/releases/latest
    tls, http
    FlashPatch.exe
    1.1kB
     8.8kB
     13
    12

    HTTP Request

    GET https://api.github.com/repos/darktohka/FlashPatch/releases/latest

    HTTP Response

    200
  • 8.8.8.8:53
    api.github.com
    dns
    FlashPatch.exe
    60 B
     76 B
     1
    1

    DNS Request

    api.github.com

    DNS Response

    140.82.114.5

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2560-0-0x00000000744A0000-0x0000000074B8E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2560-1-0x0000000000A50000-0x0000000000A84000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2560-2-0x0000000002090000-0x00000000020D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2560-5-0x00000000001D0000-0x00000000001DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2560-4-0x0000000002090000-0x00000000020D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2560-3-0x00000000001D0000-0x00000000001DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2560-6-0x0000000002090000-0x00000000020D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2560-7-0x00000000744A0000-0x0000000074B8E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2560-8-0x0000000002090000-0x00000000020D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2560-9-0x00000000001D0000-0x00000000001DA000-memory.dmp

    Filesize

    40KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.