Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1c5e3fb727...f9.exe

windows7-x64

7

1c5e3fb727...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c5e3fb7273def46096f27d434d4fff9.exe

  • Size

    311KB

  • MD5

    1c5e3fb7273def46096f27d434d4fff9

  • SHA1

    b25b36c573feb3c3dadfbab186c0b87783f66cf1

  • SHA256

    0614c41fcc1d77563d0ebedf3a61090a5b2489eea4bba4812eddeea62958189d

  • SHA512

    5258ddbe6d97d0dd6ac56c6be9233dd39ae92b9211e3688ea64c7ba9f157edd55f83de00b4da7cbd0ab2b2d07c1ec11f3e6bda10f2a5fff0ac67a68b8c9727cf

  • SSDEEP

    3072:Ek6y38qiVy3aWuwpeTgYuAXHs+3xr9hvqBuMnwqCYf6I3HutHKc0Sps96pMFVzDS:Exg8qdPnsXM+3x9CwqCYfDO/W9bpyYq

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c5e3fb7273def46096f27d434d4fff9.exe
    "C:\Users\Admin\AppData\Local\Temp\1c5e3fb7273def46096f27d434d4fff9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bhs4A67.tmp
    Filesize

    241KB

    MD5

    4019c3f4733fc5887b969239140c67dd

    SHA1

    e57bf75f8b7e361a11009c6112518972f82440fe

    SHA256

    cafe6f185347c30bd74a1fd8e774471ef1c5886369b13db44b923a905c8b9006

    SHA512

    74aabeeaf4d7304b64b7fe6642138663b0ff4e63a6bce57f8d23fba578e869af09fa94eb672e5176f1bcbb32b5ea95751f9dd201f83f773f8f368cbb8e087375

    Download Submit

  • memory/4920-9-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-20-0x0000000074F30000-0x00000000756E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4920-6-0x0000000005510000-0x00000000055A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4920-5-0x0000000005A20000-0x0000000005FC4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4920-3-0x0000000074F30000-0x00000000756E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4920-7-0x00000000054C0000-0x00000000054CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4920-4-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-10-0x0000000007820000-0x0000000007886000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4920-8-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-19-0x000000000AFF0000-0x000000000B796000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/4920-2-0x00000000051C0000-0x0000000005202000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4920-21-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-22-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-23-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4920-24-0x0000000005260000-0x0000000005270000-memory.dmp

    Filesize

    64KB

    Download