Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Запит...в.zip

windows10-2004-x64

1

Resubmissions

23/01/2024, 20:35

240123-zc188ahfb7 1

18/01/2024, 14:17

240118-rl28wadbh2 7

18/01/2024, 14:15

240118-rkxl1acefl 1

Analysis

  • max time kernel
    1577s
  • max time network
    1516s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/01/2024, 20:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Запит документів.zip

  • Size

    58KB

  • MD5

    5897789b4e810d566cc4ce423072599d

  • SHA1

    0e99f9296739b4f964a13badaacfe6634b633273

  • SHA256

    32d3e0a2f60e69f21634e8acc853d5d62f86eddf13d8897355e6405c5ffc4d87

  • SHA512

    cad8c811b98f6ae6ce4aec2a7b97ae93cfad82ce9df83421a0385ce42dbc4dd5e12a399b78b790083156802e374662ccb32ff339e6c5f6facdf374aa7f74f6b1

  • SSDEEP

    1536:eDwthY/zOD9cN5tNDsq0jTKrhhhvs8CUmGUkMoIn:PczK2HHR8Yrhs8CUNfMZn

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Запит документів.zip"
    1⤵
      PID:432
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4436
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3828

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3828-16-0x0000022FFFD40000-0x0000022FFFD50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3828-36-0x0000022F88330000-0x0000022F88331000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3828-35-0x0000022F88220000-0x0000022F88221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3828-34-0x0000022F88220000-0x0000022F88221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3828-32-0x0000022F881F0000-0x0000022F881F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3828-0-0x0000022FFFC40000-0x0000022FFFC50000-memory.dmp

        Filesize

        64KB

        Download