Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

pikabot.exe

windows7-x64

1

pikabot.exe

windows10-2004-x64

1

Resubmissions

22/06/2024, 17:36

240622-v6w45swhkc 10

16/11/2023, 07:55

231116-jr41nahf9v 3

15/11/2023, 14:30

231115-rvbghsbd22 3

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    16/11/2023, 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pikabot.exe

  • Size

    306KB

  • MD5

    a12001230dd6f5ca67f7935bcfdcd650

  • SHA1

    fd39ca7366ca63f15a6e61e2cbda9195077a83b6

  • SHA256

    39d6f7865949ae7bb846f56bff4f62a96d7277d2872fec68c09e1227e6db9206

  • SHA512

    224d6c55953440d894d84787a88f6230964a9ec44f323dcdc49ebd9722cc5426719f36d202b586f408d0bd8d4e1502ba7edbb9037c500b1cab31242ada6bce91

  • SSDEEP

    3072:engX9CnOMcKVtnEcoVzr4j0NnRT+JwMU3AWoeFE1YerPvbyg1ihk6kvtfGq0ev37:EZ7ZGVzr4jq5kJRwFE77arkR10efUKh

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pikabot.exe
    "C:\Users\Admin\AppData\Local\Temp\pikabot.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\SysWOW64\whoami.exe
      whoami.exe /all
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2696
    • C:\Windows\SysWOW64\ipconfig.exe
      ipconfig.exe /all
      2⤵
      • Gathers network information
      PID:2700
    • C:\Windows\SysWOW64\netstat.exe
      netstat.exe -aon
      2⤵
      • Gathers network information
      • Suspicious use of AdjustPrivilegeToken
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads