Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

gunzipped.exe

windows7-x64

1

gunzipped.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    31/10/2023, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gunzipped.exe

  • Size

    445KB

  • MD5

    d9742026719e39649e6bcf5a9966080b

  • SHA1

    d637b4ac4a2e0a73b8b80c62943bbaec0dc2777e

  • SHA256

    07177892c2c47e5827bf6504ad8b7047771674b164fa8a026b9250f831560cfe

  • SHA512

    fce6de17d889e3cd9af2fcf3b3085719193272e023117c5e09ead3d0523114bc2c486408ec2067066753a9d67942a18a06c1457e5d132d9b0c51a2c105a6812d

  • SSDEEP

    12288:LZoa52c6bFW2NU4vVKKzmN5ALp6jTB4rmbZ9+Q9IjN:dcbM2a4AN5AV6+rhqeN

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
    "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
      "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
      2⤵
        PID:2136
      • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
        "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
        2⤵
          PID:1944
        • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
          "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
          2⤵
            PID:2636
          • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
            "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
            2⤵
              PID:2604
            • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
              "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
              2⤵
                PID:2732

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2176-0-0x00000000003A0000-0x0000000000416000-memory.dmp

              Filesize

              472KB

              Download

            • memory/2176-1-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2176-2-0x0000000004E00000-0x0000000004E40000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2176-3-0x00000000004E0000-0x00000000004F0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2176-4-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2176-5-0x0000000004E00000-0x0000000004E40000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2176-6-0x00000000004F0000-0x00000000004F6000-memory.dmp

              Filesize

              24KB

              Download

            • memory/2176-7-0x0000000000500000-0x000000000050A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2176-8-0x0000000004600000-0x000000000465A000-memory.dmp

              Filesize

              360KB

              Download

            • memory/2176-9-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download