Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1ad95a5f3e...4d.exe

windows7-x64

7

1ad95a5f3e...4d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe

  • Size

    388KB

  • MD5

    1ad95a5f3e1ccd21a22e486e4f0b1f4d

  • SHA1

    7929d7c14ab3e17c89f7f093c1e8c862cd698935

  • SHA256

    154f6749af6236af27ca36da9675718826db24c838340cbfd11c6d5a4c2c7e01

  • SHA512

    cdffcb73b628418185cafb6588190256ddeb300f88f1acfadfb890ec5c8a1d62786559e0925a3e92d5385fec2f6752b841d4dba3ffd2e4e581b9ed75633df692

  • SSDEEP

    6144:ISI5kqTzKcS2iJQoRPXHge7+zssn38HPhd5CnbjUW8pE1Y3S:GpTzxSFQoRPXgeCsYMf3WuEoS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe
    "C:\Users\Admin\AppData\Local\Temp\1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gfdF04B.tmp
    Filesize

    261KB

    MD5

    ffde0f5aefa1b53f1bdeb4d9ff974d53

    SHA1

    279bc63301a470da5f2b20a1118bcb129b1a0a2a

    SHA256

    715cd0bbc1c03b87876f035075ca86d4fb213bb6abd5de75bae9cfa6dc93491d

    SHA512

    add2f078498bcc0740e529828af9270bf7f1fb7e32dc02b1c80b8257faee51499c7f91f1d8963142cf6c29323c7bbae4b3f47f2ce94010230e07f7a4b466be10

    Download Submit

  • memory/4540-2-0x00000000026D0000-0x0000000002716000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4540-3-0x0000000074B30000-0x00000000752E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4540-4-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-5-0x0000000005290000-0x0000000005834000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4540-6-0x0000000004D80000-0x0000000004E12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4540-7-0x0000000004CF0000-0x0000000004CFA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4540-8-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-9-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-10-0x0000000007FD0000-0x0000000008036000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4540-19-0x0000000074B30000-0x00000000752E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4540-20-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-21-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-22-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4540-23-0x0000000004C30000-0x0000000004C40000-memory.dmp

    Filesize

    64KB

    Download