
Analysis

  • max time kernel
    194s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2024, 00:16

General

  • Target

    99a22b49d818a9d7d655ec1a9c727b5fa6949e625f4f0c92c4aa0a00a4e7adef.exe

  • Size

    707KB

  • MD5

    da1fbf454f24dbbc439edfeae98abf97

  • SHA1

    bfe04cc2ea1586e7a5ca41967957d924929b24cd

  • SHA256

    99a22b49d818a9d7d655ec1a9c727b5fa6949e625f4f0c92c4aa0a00a4e7adef

  • SHA512

    2e957636d379f3585f043b3d335196462e77f70b0c7b1ddf022e22b4352483eec953d1d386fcfcac47fde1ba9f2e7937df53a1e4c195f7136b7ef79a30200bb8

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1J8fvnh:6uaTmkZJ+naie5OTamgEoKxLW03h

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99a22b49d818a9d7d655ec1a9c727b5fa6949e625f4f0c92c4aa0a00a4e7adef.exe
    "C:\Users\Admin\AppData\Local\Temp\99a22b49d818a9d7d655ec1a9c727b5fa6949e625f4f0c92c4aa0a00a4e7adef.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:3348

Network

MITRE ATT&CK Enterprise v15
