Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0795d0b923...61.exe

windows7-x64

1

0795d0b923...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0795d0b923af9099140b9707504394a6c99767d2a6a376dc7a202ff1364e5561.exe

  • Size

    1.2MB

  • MD5

    25d579527437d06cc4390943be98948f

  • SHA1

    4d50fd5938827c84a08346610a9afe53c4c76d91

  • SHA256

    0795d0b923af9099140b9707504394a6c99767d2a6a376dc7a202ff1364e5561

  • SHA512

    03837f62a53a5575f49c3e435e735d0cf28437742ad4baac87e897e4eb453de415b66f6fac8a59332640f35ba4e80ae8ae11e0a64273eb74e40073dc04c458d4

  • SSDEEP

    12288:XZP/aK2vB+ZUBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3r:XNCKAByt2rR8FfBhRJUEbDk1ulU7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0795d0b923af9099140b9707504394a6c99767d2a6a376dc7a202ff1364e5561.exe
    "C:\Users\Admin\AppData\Local\Temp\0795d0b923af9099140b9707504394a6c99767d2a6a376dc7a202ff1364e5561.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3344
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:216
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:4340
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3804
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3300
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3192
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4736
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:180
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:3444

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      da60a46267d47e0f6fdef1693c472885

      SHA1

      30e8021076600d34a60c9804b7a5c7acc7e03816

      SHA256

      acc38c35e04336ffc63ec562fafd64d8dbcfa7461c992e9cbccc415515e48dc9

      SHA512

      d0fd3bf4d9c84abf3dcfbca221671f1c2f3ca5ab5e8e2b1b6be70f45387c3f4230908b3fcf72bbc3eb5d92cec65691678acd5723f9e4a663956bfad95093da24

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.3MB

      MD5

      0c47607b70aed261edf8be990aa220ff

      SHA1

      3ef3d0981b78c3ae6d68afc27168488c6ee13d57

      SHA256

      6f0ff88e729e4de0545e568ab5fdbc375d6477cb1cd0f2ee94ebc2036e0d0d21

      SHA512

      e7086d079d8ddc25b0c58eb2febb960ef19f94d4b9cafdd987deddb3189dc19e8f6d3bfaa43aa64e36155bc5fab940975859e2ff9ce53d29506f7bea009eacd5

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      1.3MB

      MD5

      7590c360ff181664437a09c17af9e6e0

      SHA1

      9892f677b4910eb461f8063062ef1b992a67544b

      SHA256

      f30e1768496c70bbba4c0252e797d432be6a195cea25b3086a24d0f101236efd

      SHA512

      119d91fc3b3df5d0af0ebf03a40e3c6149195ecc89ba844e21d138a7fc9b38f58f3ceacc446d8003704d3d2f57f19271bf5d2c71e332d3985eb39b6a4bf7b0df

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      3a9891bb91ddc03cb147420ebe361ff2

      SHA1

      cbadad3b89a2e9c898b42b75ac90c1116e4c6377

      SHA256

      e40194a372d0510c4011f61549ce3277f56a8532a36917c664347e4d42e62435

      SHA512

      5a0a5764394bd0979dcf81c7dc7eb2cf4386b6324f123929948d2779c63dfb946027272425a50fbeb3b0f14ec794dd1b2b47e8ba1a49fba539f3cb246f63c13c

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.2MB

      MD5

      32a3f7a9e12b29d819d5000754a6d96e

      SHA1

      597604bdf6d7dfb8a20f15200dc6d8c0a430168d

      SHA256

      ef5112dd5e0ec0f828ac2124e2291fa5a035c4837aa3b8644f473bd30cacd987

      SHA512

      96d181bfe4c4a1e1e650843cb44018d8ba13a87bb8831979366aab93c655aa7f912686f1e438344703ab16bafdf6bd324eab0d89ee0132adddace6dc3fde9081

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      4e039b95fa14d5a0ab963a7149e4e974

      SHA1

      8a72fe38b41f4f8b90e75411f42a0502b4f7005c

      SHA256

      2e34f296beab74ef87784f2217426c978c17d9527aa33dec57fa059a50bf1a75

      SHA512

      d199457d20c943282b03dbbe6094c55a54579643476c35357257f5a705265a61748740b36bd9d1543239b5612fa79330f321f918b013c08410714e14bb7ae791

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      1.2MB

      MD5

      882f915a4dc2fb7bf1d8e47161d696a6

      SHA1

      4090f0f4c62d27dd02c6ddd39017283333680773

      SHA256

      bdb03ce67bb41508404c8367b6a64c32acf31542d57fcf8ed0a943e58d374d30

      SHA512

      139897e720d61b3280fd70ddc20bdeac4019580c0610cb63e0ed3f77c132779dd6c892441b66b554ef9f43055541ea0d8cea8e0f2de192ae4193c6ce1bc771d3

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      e47e86fe3df666850705ff43b10d836c

      SHA1

      53ecc0e3b5ac5a6bd15cc465d85bd97d6a69c980

      SHA256

      73df2baca9a77b3f56cc14234c1b48d0ec12c2c64f0efdcb3eb086e65906a3be

      SHA512

      15026bcb51d5cf64f46e72b249dda227908813eff5835e64a3a8b79f7c5f0e48458475c8c8331f24c8ace5e50f444c945867e9b1b13338e0514ee198ad788ab6

      Download Submit

    • memory/180-60-0x0000000140000000-0x0000000140156000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/180-67-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/180-61-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/180-70-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/180-72-0x0000000140000000-0x0000000140156000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/216-13-0x0000000140000000-0x0000000140136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/216-75-0x0000000140000000-0x0000000140136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3192-44-0x0000000000830000-0x0000000000890000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3192-100-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/3192-35-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/3192-36-0x0000000000830000-0x0000000000890000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3300-38-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3300-29-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3344-46-0x0000000000400000-0x0000000000544000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3344-1-0x0000000000B10000-0x0000000000B76000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3344-0-0x0000000000400000-0x0000000000544000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3344-12-0x0000000000400000-0x0000000000544000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3344-7-0x0000000000B10000-0x0000000000B76000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3344-6-0x0000000000B10000-0x0000000000B76000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3444-168-0x0000000140000000-0x000000014015B000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-83-0x0000000000420000-0x0000000000480000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3444-77-0x0000000140000000-0x000000014015B000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-76-0x0000000000420000-0x0000000000480000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4340-18-0x00000000006D0000-0x0000000000730000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4340-17-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4340-24-0x00000000006D0000-0x0000000000730000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4340-85-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4736-56-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4736-49-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4736-118-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4736-50-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download