Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5216bb5222...40.exe

windows7-x64

10

5216bb5222...40.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 03:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5216bb522237025747fb9842fd766140.exe

  • Size

    152KB

  • MD5

    5216bb522237025747fb9842fd766140

  • SHA1

    99c6f02c60f09e7baa0a46b387111b599fb9fbd7

  • SHA256

    28ad6e46e20367d7608d87023d7f50b2efb425b46f0797d1e57d38bdde6b5b9d

  • SHA512

    36053ab90193424d6c014017aeaf127c778108ff8d972e662a5040d9c62124c22042d5c195650a1bee183830867dc4b5bcabaac97daed11e3d50be7608d420cb

  • SSDEEP

    3072:k/QMFZvOsi67UvPql3psQl0XD6VIOsHbM2N2eGWYxJ9jTbRfZUh:/MVRUvQ3rXKLbM2cIS9jXRqh

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5216bb522237025747fb9842fd766140.exe
    "C:\Users\Admin\AppData\Local\Temp\5216bb522237025747fb9842fd766140.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\5216bb522237025747fb9842fd766140.exe
      "C:\Users\Admin\AppData\Local\Temp\5216bb522237025747fb9842fd766140.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2144-1-0x0000000000330000-0x0000000000349000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2144-17-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2144-4-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2144-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3020-5-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-7-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-10-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-13-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-2-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-19-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-22-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-20-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-23-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3020-26-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.