Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

144d34c6fc...dd.exe

windows7-x64

7

144d34c6fc...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    144d34c6fc809770681889c28ddefadd.exe

  • Size

    91KB

  • MD5

    144d34c6fc809770681889c28ddefadd

  • SHA1

    e987ec191699c99002ac371be559f78d73c81d0a

  • SHA256

    399d7f2ae9cbb0395cf1d49299aa74dfc31c9cd1674e00e1b9edd46b16ee6216

  • SHA512

    d214b282f74963c0fcfe967acd603f475b19e19ffc240a69eadde3d10a8bb5086cf1a8c572497789274c9bff32e586430acde0be825f6ca36377a23c801bf605

  • SSDEEP

    1536:DLJsQn+4g1FqgL3zQaP/+55ubKhZZaA9NWFNRbdmR7z+GrdODncNO1b3My8:32qgLEaXbCZZhwmx+GCncNYb8y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe
    "C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:316
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    PID:3024
  • C:\Windows\SysWOW64\kernl32.exe
    C:\Windows\SysWOW64\kernl32.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\kernl32.exe
    Filesize

    116KB

    MD5

    d0dfd1bcadf39b25aa2f00846a700da6

    SHA1

    4fc21718ab5ca626542817a06155c087fa35f1fb

    SHA256

    af1f7f89c96c4f27966f1af5c46b9a1064089efad08335cac36d260145f788c6

    SHA512

    466cba36e4d552ef06f5bb1747d2a0b30f172953608ec10a02ec2493d671784e641803cb662d41091eb9e06c1b2b527b02811f8a2161ab661d3e02885c8adf45

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    41KB

    MD5

    55de8a59e1470a9c99b3a8ed2fad1f5c

    SHA1

    d11484e7dd02495b05795ac10795065de974d347

    SHA256

    dfd430247ee0e81ff5088c9dd14d54fe8a4fcfbdece11d04d08c7749d8dbf5bb

    SHA512

    f9399739b7a9750152bf9a6c9ae0d7f25a670e50802a8a6bf57fe9e0e87d59674f353c5d526ae438eb95a33bca6bdd1b2d40f7e9d851115c1f693e4ed9543de9

    Download Submit

  • memory/316-6-0x0000000000400000-0x000000000043B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1276-27-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-21-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-35-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-11-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-33-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-13-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-31-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-15-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-29-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-17-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-25-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-19-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-23-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1276-9-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3024-18-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-36-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-26-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-20-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-10-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-28-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-32-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-24-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-22-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-16-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-34-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-14-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-30-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3024-12-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download