Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

Statement20233010.exe

windows7-x64

3

Statement20233010.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2023, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Statement20233010.exe

  • Size

    19KB

  • MD5

    04bfbe662c6fe75d48c45571e1cdb17f

  • SHA1

    6fcf8dcd30720bd5ceb7ce3f7d1dcea225b989db

  • SHA256

    a5bea05a2f6c78eef246760dc715dd3fe10b0615ac161efbeb8a2cf6c9836499

  • SHA512

    1523cf548f549148b1c12fdfce9469c83eb97e18f45b5f5469050052451535e2336329b8b4886f17b0944d38de0d92ee605f5995badf07796f981b81a65df8c0

  • SSDEEP

    384:O/6i+tTBROM5DWvizocBuLXMEgsYCPGMpizIlkyVT6AstGyFFLuUW:OS9O2NMpizvt1XLu9

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe
    "C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 1640
      2⤵
      • Program crash
      PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab6422.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6454.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2160-0-0x0000000000C80000-0x0000000000C8C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2160-1-0x0000000074730000-0x0000000074E1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2160-2-0x0000000000480000-0x00000000004C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2160-55-0x0000000074730000-0x0000000074E1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2160-56-0x0000000000480000-0x00000000004C0000-memory.dmp

    Filesize

    256KB

    Download