Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

a5aa5b2212...95.exe

windows7-x64

8

a5aa5b2212...95.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 06:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe

  • Size

    3.5MB

  • MD5

    793cde09314735b366c59f205d8383db

  • SHA1

    d71c97b12835ae4fc26d7c347a73240fa1e91cb4

  • SHA256

    a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395

  • SHA512

    a0a895eab5bbc731c926ef7ce99a30ce0b9ceb5d1a6d8ddc80dc97f5b189654bf8bd03e6c14584651697342e90a6db1bece6cba8e85f8d9bfde2864b75724661

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTl+LPAHzy0yGMhg7M6ex:Q+8X9G3vP3AMsUmaMhg7Mlx

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 19 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    "C:\Users\Admin\AppData\Local\Temp\a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe"
    1⤵
      PID:2952
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2928

    Network

      No results found
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:7799
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:6217
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    • 10.127.0.122:25871
      a5aa5b22123e3bbcbc6f765c8694b182b6cc231115f36cda2801ff2ba09d5395.exe
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2928-0-0x00000000040C0000-0x00000000040C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-1-0x00000000040C0000-0x00000000040C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-5-0x0000000003A20000-0x0000000003A30000-memory.dmp

      Filesize

      64KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.