Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

17a68c6145...f3.exe

windows7-x64

6

17a68c6145...f3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17a68c6145e3cd2238e420b19caa96f3.exe

  • Size

    852KB

  • MD5

    17a68c6145e3cd2238e420b19caa96f3

  • SHA1

    ffcb7eff513542242100a871db1a4105f952259a

  • SHA256

    4bd95b1d347ffcb27b10ca7178fd9408f25b101dc5f3d9ddcffce3ddbb1ea634

  • SHA512

    c610cc475f96866ea660929d5e6237e67eced67a1f8a1bee2cd7dd4464b4103caedb8401f0233d12aa496748886c5df6331fd29af0b5af69587f1a0f0e4268bd

  • SSDEEP

    12288:n2fsSv2g+MPsC3oKKE9fDhQVE2VEoH6H35pSJ6u4HiEaNX9f9N340uxb16:nFjg+Wp3oKKEdNO9lapxCPD3q36

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17a68c6145e3cd2238e420b19caa96f3.exe
    "C:\Users\Admin\AppData\Local\Temp\17a68c6145e3cd2238e420b19caa96f3.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:244
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2ec 0x478
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/244-0-0x00007FF958C20000-0x00007FF9596E1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/244-1-0x000002169F5B0000-0x000002169F68C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/244-2-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-3-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-4-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-5-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-6-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-7-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-8-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-9-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-10-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-11-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-12-0x00007FF958C20000-0x00007FF9596E1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/244-13-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-14-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-15-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-16-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-17-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-18-0x00000216BA750000-0x00000216BA850000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/244-19-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-20-0x00000216A11F0000-0x00000216A1200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/244-21-0x00007FF958C20000-0x00007FF9596E1000-memory.dmp

    Filesize

    10.8MB

    Download