Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0f121235b3...e2.exe

windows7-x64

8

0f121235b3...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2023, 06:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe

  • Size

    3.0MB

  • MD5

    dfe97b145a3d3a9b2f25787b95d8ae74

  • SHA1

    9a59d001add8406d285a44fffed5732a9211015d

  • SHA256

    0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2

  • SHA512

    8587cccd82a8e55726c05e1d939348e3d549f7790358e7f9ffd730c7ee54147b1c91a6844eeb0125f386d93beb71f395da51b542cb68ad5ba74d94efe7b8da3f

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlgOOHeflJ7DP9:c+8X9G3vP3AMFGkJ1

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies registry class 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    "C:\Users\Admin\AppData\Local\Temp\0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe"
    1⤵
      PID:2152
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2160

    Network

      No results found
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:25871
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:7799
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    • 10.127.0.111:6217
      0f121235b3ca0559b59d5959d63ad4a9e3e7c191a818c9e1e9e890d5a00074e2.exe
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2160-0-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2160-1-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2160-5-0x0000000003880000-0x0000000003890000-memory.dmp

      Filesize

      64KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.