Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

App.exe

windows7-x64

7

App.exe

windows10-2004-x64

7

Freemasonry (2).exe

windows7-x64

10

Freemasonry (2).exe

windows10-2004-x64

10

Freemasonry.exe

windows7-x64

3

Freemasonry.exe

windows10-2004-x64

7

NisSrv.exe

windows7-x64

10

NisSrv.exe

windows10-2004-x64

10

Presentati...he.exe

windows7-x64

1

Presentati...he.exe

windows10-2004-x64

10

SecurityHe...2).exe

windows7-x64

10

SecurityHe...2).exe

windows10-2004-x64

10

SessionService.exe

windows7-x64

10

SessionService.exe

windows10-2004-x64

10

SgrmBroker.exe

windows7-x64

10

SgrmBroker.exe

windows10-2004-x64

10

SocketHeciServer.exe

windows7-x64

10

SocketHeciServer.exe

windows10-2004-x64

10

cmd.exe

windows7-x64

10

cmd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PresentationFontCache.exe

  • Size

    705KB

  • MD5

    78c86cfe603739c575a5290d8b5bb85c

  • SHA1

    52e98defa2d9d428054695e47097cd330cd4a4f1

  • SHA256

    1dc33731f7d9da075f20e3900ca8e3c6c593c637fa32703123347bfaae3917f0

  • SHA512

    d740bf68c7a4a7200a24926d6b06f3184b5a2d3ac1e7debc4a4eb5f76935c8416c223f802cc3ad5179d641eda92b06687c1a16dc088f626fb71bd412e124c637

  • SSDEEP

    12288:ehGB+EDfS8sKMvqg6YBYiZfJMT9hMnJicP8YDTvNC9jCxjt:ehS+EDfSSMvqDYWiZuTrMnkcECTvNKW

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PresentationFontCache.exe
    "C:\Users\Admin\AppData\Local\Temp\PresentationFontCache.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1940-0-0x0000000001010000-0x00000000010C6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1940-1-0x000007FEF4FB0000-0x000007FEF599C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1940-2-0x000000001AD90000-0x000000001AE10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1940-3-0x000007FEF4FB0000-0x000007FEF599C000-memory.dmp

    Filesize

    9.9MB

    Download