Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Maxar.exe

windows7-x64

7

Maxar.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Maxar.exe

  • Size

    182.5MB

  • MD5

    6fd5d31d607a212c6f7651c79e7655a3

  • SHA1

    ddd18e208aff7b00a46e06f8d9485f81ff4221ea

  • SHA256

    364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614

  • SHA512

    ab9f749ee6eb0c9c2fd0f9f3f55be3d17835a1285af72f2dc1eef74a6191a6a988345b556d0ff76f9a59585e3cd56a724bec4389418b4748b2f72b7128b949a7

  • SSDEEP

    786432:fcfVFSPTqkFfux1Kq0DsqEnz1XSY3v9XSIsmhidXposvHH7QdPA0mgErPrzlcEsp:EfzSPTqkGM16zsY3hSCKWsf7QggmzKEG

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maxar.exe
    "C:\Users\Admin\AppData\Local\Temp\Maxar.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\Maxar\U3dTN8CxsgtnCFkKQPxCbpoP9A0FDxI=\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    2191e768cc2e19009dad20dc999135a3

    SHA1

    f49a46ba0e954e657aaed1c9019a53d194272b6a

    SHA256

    7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    SHA512

    5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\Maxar\U3dTN8CxsgtnCFkKQPxCbpoP9A0FDxI=\PresentationNative_cor3.dll
    Filesize

    557KB

    MD5

    baff32fbc35d4e5f9ccab6b41e0c39c1

    SHA1

    8ca53175ceda8dc77a5ced7927198d8ff9a1cf73

    SHA256

    221640295b0a31860aa14571626b3e700af97e3f4a41e66e05782dfb2487ec47

    SHA512

    eb75851f27b145bcb4ae273f0f243e9aaa63d06ddd68feec818c64ee8a49b06d372e9331d25ea7ffde3d15fbd27933b47217553279f8e9f9caa067ac68955a94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\Maxar\U3dTN8CxsgtnCFkKQPxCbpoP9A0FDxI=\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    d16131ef1c307d893b663e26a18ac583

    SHA1

    478a8df88c925ef496f2fdba2821fcf9dd7a307f

    SHA256

    bcd20e8d9f46a84eab00a87d6b4c30211100c68a42b409ef8f974922667efb37

    SHA512

    c3ef5894aa45fd9cc50bcfe65842c76ca6b23ccaa249871b1f22fe81d908037bbeacec0a6640ef3ea0d1e52cbaec8817635f4a8e045540d1ee6408f0a1ac526c

    Download Submit