Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Revised invoice.exe

windows7-x64

7

Revised invoice.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    157s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Revised invoice.exe

  • Size

    656KB

  • MD5

    20ad07241b54c7690a5914b6069151b2

  • SHA1

    b631e2d6910155d57982f27a0cebea4d5695c08b

  • SHA256

    9ab77e961ee2eaaee3da8d49b8f9f09444b279c6f258cf8e9769e4a16c22fbd4

  • SHA512

    8e851c4230926b9f7751b0ee779802318878fb127a7cbce16240bbf5b38fd4fd0d518b5594ee0d19e1b01420a339525d50abcff23420987ffbd2e590d052eeeb

  • SSDEEP

    12288:DODN9e6QLaK0//g91Xp3vjb3SMJeHH6GpP6TitTPuvdXp/Oat:yD3e6QLEWoRHvpPS

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Revised invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Revised invoice.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
        PID:1248
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:4868
        • C:\Windows\SysWOW64\unregmp2.exe
          "C:\Windows\SysWOW64\unregmp2.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:1392
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:3324
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\SysWOW64\unregmp2.exe"
        2⤵
          PID:852

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1392-30-0x00000000001A0000-0x00000000001DA000-memory.dmp

        Filesize

        232KB

        Download

      • memory/1392-29-0x00000000001A0000-0x00000000001DA000-memory.dmp

        Filesize

        232KB

        Download

      • memory/1392-28-0x0000000002290000-0x00000000025DA000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1392-26-0x00000000001A0000-0x00000000001DA000-memory.dmp

        Filesize

        232KB

        Download

      • memory/1392-23-0x00000000001A0000-0x00000000001DA000-memory.dmp

        Filesize

        232KB

        Download

      • memory/3324-21-0x000000000DAB0000-0x0000000010974000-memory.dmp

        Filesize

        46.8MB

        Download

      • memory/3324-25-0x000000000DAB0000-0x0000000010974000-memory.dmp

        Filesize

        46.8MB

        Download

      • memory/4692-15-0x0000000074700000-0x0000000074EB0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-7-0x0000000074700000-0x0000000074EB0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-9-0x0000000007A50000-0x0000000007A5A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4692-10-0x000000000A310000-0x000000000A38C000-memory.dmp

        Filesize

        496KB

        Download

      • memory/4692-11-0x0000000006270000-0x000000000630C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4692-1-0x0000000074700000-0x0000000074EB0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-2-0x0000000007A70000-0x0000000008014000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4692-0-0x0000000000570000-0x000000000061A000-memory.dmp

        Filesize

        680KB

        Download

      • memory/4692-3-0x0000000007560000-0x00000000075F2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4692-4-0x0000000007790000-0x00000000077A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4692-5-0x00000000074F0000-0x00000000074FA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4692-8-0x0000000007790000-0x00000000077A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4692-6-0x0000000007780000-0x000000000778E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/4868-20-0x0000000000D30000-0x0000000000D4F000-memory.dmp

        Filesize

        124KB

        Download

      • memory/4868-22-0x0000000000D30000-0x0000000000D4F000-memory.dmp

        Filesize

        124KB

        Download

      • memory/4868-19-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-24-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-18-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-17-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-27-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-16-0x0000000000E50000-0x000000000119A000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4868-13-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/4868-12-0x0000000000400000-0x000000000043D000-memory.dmp

        Filesize

        244KB

        Download