Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

40c4b11105...99.exe

windows7-x64

10

40c4b11105...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40c4b11105db1386e30bc870183a6499.exe

  • Size

    354KB

  • MD5

    40c4b11105db1386e30bc870183a6499

  • SHA1

    c91b01612d0a67a9200a6f0780d554a5c1e321fd

  • SHA256

    ec93dd2c8432d31d3be69a3538a20fd344090246dd7289a2db829d9048ce9b5e

  • SHA512

    70fb8f93c6c48cd890990ccb3a8ae85851ba44e94c294cf4aa1760bcdc20daae3e77ad381fbb699e1eb473223643d518f0c47a8955d9f1d700ace5128a575c59

  • SSDEEP

    6144:I2pRrUqddTQZokHv1rQJvnRIAYjY35AiZkpoks5UF1Sf5jGPW2LdMgDbq6nk1/3i:IqUudBkP1UJZIIJpkDrF1SoP/dTBk1/3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40c4b11105db1386e30bc870183a6499.exe
    "C:\Users\Admin\AppData\Local\Temp\40c4b11105db1386e30bc870183a6499.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Users\Admin\AppData\Local\ad0c643d\X
      176.53.17.23:80
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3752
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Deletes itself
      PID:3216
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of UnmapMainImage
    PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\ad0c643d\X
    Filesize

    41KB

    MD5

    686b479b0ee164cf1744a8be359ebb7d

    SHA1

    8615e8f967276a85110b198d575982a958581a07

    SHA256

    fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

    SHA512

    7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

    Download Submit

  • memory/3468-8-0x0000000002550000-0x0000000002558000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4256-1-0x0000000000400000-0x0000000000466244-memory.dmp

    Filesize

    408KB

    Download

  • memory/4256-2-0x00000000006F0000-0x00000000007F0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4256-9-0x0000000000400000-0x0000000000466244-memory.dmp

    Filesize

    408KB

    Download

  • memory/4256-11-0x0000000000400000-0x0000000000466244-memory.dmp

    Filesize

    408KB

    Download