Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

stager.exe

windows7-x64

1

stager.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stager.exe

  • Size

    965KB

  • MD5

    528182768aa1bd3fa9493ad43aa031c3

  • SHA1

    40e36425cbae0dfa0c9851f1a18a1899f625ed30

  • SHA256

    db1de8a7407d2c63c71e96085d1f52bffd8db45beb5500333e9fbe5434ad3cae

  • SHA512

    e6251280fde8b8a0ef83811ab8c2ae8a99d53d3b3f192c7e331d7d86fab9e9974ee3f54bf1541ca018f8662d4e5a4b6e3c7b024dfadb4cc67d0ab85c93f3c749

  • SSDEEP

    12288:QWsoMmEJ20MDsmRCDvL2nE/lS/MxSMZGlsok7XYZnxpyFmruMI4oV:d4mEJWDWDvL2nE/lS/M7SxpyYuM

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stager.exe
    "C:\Users\Admin\AppData\Local\Temp\stager.exe"
    1⤵
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of WriteProcessMemory
    PID:1548
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3468
      • C:\Windows\explorer.exe
        explorer.exe
        2⤵
          PID:1364

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1364-17-0x00000000008F0000-0x00000000008F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1548-0-0x000001C9F8090000-0x000001C9F8091000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1548-18-0x00007FF60F2A0000-0x00007FF60F397000-memory.dmp

        Filesize

        988KB

        Download