Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1b1d4e1afe...86.exe

windows7-x64

1

1b1d4e1afe...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe

  • Size

    1.3MB

  • MD5

    cef58152e7b2e3a5b093f851a448eb08

  • SHA1

    913878c026e9ce9444b980f3a61323c29c8f7dcb

  • SHA256

    1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886

  • SHA512

    0d3ebf3a8f3e6eaae616e7608ae3abefb8138d8e27568ca25bad3ffee1b476aed12f488261934d484befe3a551fa4d89aea20470bd5a2f530242137220749710

  • SSDEEP

    24576:TkCKAB0b56wBouJ93vrIdpRxmm1EH2JXD:TxKk0dzBoqvMpRx31Y2JXD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
    "C:\Users\Admin\AppData\Local\Temp\1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:5040
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    1.3MB

    MD5

    dbf1d6234080736d98f373bc32650f67

    SHA1

    9ef90891c792e17700e82ad498020fb484172129

    SHA256

    53dd7520d7363e559389510c7ec02584ad3914f63ac87e22f93fc439075247f3

    SHA512

    15b7bf5799ffef57748217c4c0b8dac3eae6e9463d48126d92f457f813fb22da15de08543d421f8177d63c9929e2b8bb7dc43c57a8780ec0855c2b64205caf35

    Download Submit

  • memory/3436-12-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3436-17-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5040-0-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5040-1-0x0000000002380000-0x00000000023E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/5040-6-0x0000000002380000-0x00000000023E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/5040-7-0x0000000002380000-0x00000000023E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/5040-16-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

    Download