Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    31s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 00:15

General

  • Target

    45a72413e7c262f93bd2b20f5a7a910c.exe

  • Size

    140KB

  • MD5

    45a72413e7c262f93bd2b20f5a7a910c

  • SHA1

    a786e136c5340b0272fea2e7b442a627524f93ad

  • SHA256

    e6c5486b6d588ca08eabd9932e8e1c86a6435a9194d7d5b13d2c99a6ec928682

  • SHA512

    41a78d04da2a9fded269d9829b58decd437a062d640fe2937b16c472ef997146094605586f8bca7fa2da227ed1f5852e3cd2ac055687623f7995d2f4b8d941e3

  • SSDEEP

    3072:Bs+64RgJhNlgiIDpuMU0iR/Rn6lWKE6zTuAQaH2Ux:Kn4RgJhPPx0g/Rn2/E6zLhHt

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
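The "Writes to the MBR" signature above is the one worth verifying on a suspect host. The block below is an added example, not part of the tria.ge report and not code from the sample: it parses a classic 512-byte MBR (440 bytes of bootstrap code, 4-byte disk signature, four 16-byte partition entries, 0x55AA trailer) and compares the bootstrap code against a known-good SHA-256 baseline, which is how an analyst would confirm whether the sector was actually overwritten. The two sectors it checks are constructed in memory; the baseline hash, partition layout and "tampered" bytes are assumptions for the demonstration.

```python
"""Parse a 512-byte MBR and flag bootstrap-code changes against a baseline.

Added example, not part of the tria.ge report. Sample sectors are constructed
in memory; on a real host the sector would be read from \\\\.\\PhysicalDrive0
(Windows) or /dev/sda (Linux), which needs administrator/root rights.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # classic MBR: bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440         # 4-byte NT disk signature follows the boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start(skipped), type, CHS end(skipped), LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class Mbr:
    boot_code: bytes
    disk_signature: int
    partitions: List[Partition]
    valid_signature: bool

    def boot_code_sha256(self) -> str:
        return hashlib.sha256(self.boot_code).hexdigest()


def parse_mbr(sector: bytes) -> Mbr:
    """Decode one raw sector into its bootstrap code, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, type_id, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if type_id != 0:                      # type 0x00 means an unused slot
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return Mbr(boot_code, disk_sig, parts, sector[510:512] == MBR_SIGNATURE)


def check_mbr(sector: bytes, baseline_sha256: str) -> List[str]:
    """Return findings for the sector; an empty list means nothing suspicious."""
    findings = []
    mbr = parse_mbr(sector)
    if not mbr.valid_signature:
        findings.append("missing 0x55AA boot signature")
    if mbr.boot_code_sha256() != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in mbr.partitions if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings


def build_sector(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]],
                 disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte sector from parts (constructed test data, not a real disk)."""
    buf = bytearray(SECTOR_SIZE)
    buf[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, type_id, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, type_id, lba, count)
    buf[510:512] = MBR_SIGNATURE
    return bytes(buf)


# Constructed "known-good" bootstrap: a jmp-to-self stub (EB FE) padded with zeros.
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
# Assumed layout: one bootable NTFS (0x07) system partition and one data partition.
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1_000_000)]
CLEAN_SECTOR = build_sector(CLEAN_BOOT_CODE, PARTS)
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

# Tampered copy: first bytes of the bootstrap replaced, simulating an overwritten MBR.
_t = bytearray(CLEAN_SECTOR)
_t[0:4] = b"\xFA\x31\xC0\x8E"
TAMPERED_SECTOR = bytes(_t)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        print(name, check_mbr(sec, BASELINE) or ["no findings"])
```

On a live Windows host the 512 bytes would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run from an elevated prompt (which is also why the sample needs the token-privilege adjustment the report flags); the baseline hash should be taken from a clean image of the same build, since the stock bootstrap differs between Windows versions and disk tools.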

Processes

  • C:\Users\Admin\AppData\Local\Temp\45a72413e7c262f93bd2b20f5a7a910c.exe (PID 2416)
    Command line: "C:\Users\Admin\AppData\Local\Temp\45a72413e7c262f93bd2b20f5a7a910c.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2416-1-0x00000000020D0000-0x00000000021D0000-memory.dmp (1024KB)
  • memory/2416-0-0x0000000000400000-0x0000000000429000-memory.dmp (164KB)
  • memory/2416-2-0x0000000000400000-0x0000000000429000-memory.dmp (164KB)
  • memory/2416-4-0x00000000020D0000-0x00000000021D0000-memory.dmp (1024KB)