Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 16:41

General

  • Target

    2df142828348d2957d126f31e8343c04.exe

  • Size

    1.3MB

  • MD5

    2df142828348d2957d126f31e8343c04

  • SHA1

    7d372595da310264871a00fd6dfb609afe052f5d

  • SHA256

    22f35c559f9aee7f235f08b08003c36d9d7ca43240b47517a0b2aa0fe197135f

  • SHA512

    221c76c0c5b32b633e6c167480c6ef693f0610c7f8afa591cb1cf17c4460b62ed7c0d5684953bf10e22d823eec3da5c1c36f442d448acd7a9fd81c2b19349750

  • SSDEEP

    24576:UnIAiW5XlHXbH/l4dTPwz8uXq8xAE6g1xNjNx9ovXKAWqcCLxQpQ3KwsW3:CIKNBXkPvD8mE6g13NxSv6A/xAwp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Use of msiexec (install) with remote resource 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2df142828348d2957d126f31e8343c04.exe
    "C:\Users\Admin\AppData\Local\Temp\2df142828348d2957d126f31e8343c04.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\vKr83A.exe
      "C:\Users\Admin\AppData\Local\Temp\vKr83A.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Windows\SysWOW64\MSIEXEC.EXE
        MSIEXEC.EXE /i "http://setup.realtimegaming.com/36175/cdn/sunpalace/Sun Palace Casino20110901014501.msi" DDC_DID=685852 DDC_RTGURL=http://216.93.176.186/dl/TrackSetup/TrackSetup.aspx?DID=685852 DDC_UPDATESTATUSURL=http://196.40.83.82:8080/sunpalacecasino/Lobby.WebServices/Installer.asmx SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="vKr83A.exe"
        3⤵
        • Use of msiexec (install) with remote resource
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2608

Network

MITRE ATT&CK Matrix
