Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9cf34288dd...e4.exe

windows7-x64

7

9cf34288dd...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2023, 06:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cf34288dda36ca0b013d6978d1acfe4.exe

  • Size

    743KB

  • MD5

    9cf34288dda36ca0b013d6978d1acfe4

  • SHA1

    634560fe79683a2019ee75f669e5bff02c1789f7

  • SHA256

    a40e1563e9bbc7683cc81adcecdf4450817ad2e18ee8534b85714081a500dd65

  • SHA512

    fcf0a8ce71ce9bb1fcba9f14158e8919098dfa75172128bf886bd256216a3b9ef0e44c1ac63177e228fb85522077c8aa1080e2bd415ce29fe341a39dd942f764

  • SSDEEP

    12288:GN2pJlOwXBiPzEhmH5lxgZvvXt+FgqQ8t/6SUoWDGxPlh3i4H9ksxUWv:XrZvPQqqQ8tCSQoh3hxd

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cf34288dda36ca0b013d6978d1acfe4.exe
    "C:\Users\Admin\AppData\Local\Temp\9cf34288dda36ca0b013d6978d1acfe4.exe"
    1⤵
    • Drops startup file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
      2⤵
        PID:2412

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2488-0-0x0000000000720000-0x00000000007E0000-memory.dmp

      Filesize

      768KB

      Download

    • memory/2488-3-0x00000000057E0000-0x0000000005D84000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2488-2-0x0000000005190000-0x000000000522C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2488-1-0x0000000074410000-0x0000000074BC0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2488-5-0x00000000057B0000-0x00000000057C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2488-8-0x0000000074410000-0x0000000074BC0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2488-6-0x0000000006160000-0x0000000006168000-memory.dmp

      Filesize

      32KB

      Download