Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

keygen.exe

windows7-x64

7

keygen.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    keygen.exe

  • Size

    324KB

  • MD5

    1537dfb19e396ee3687019d65b59db97

  • SHA1

    d0c35e7c5b3a6d0c9195408e21d28fd33020a0da

  • SHA256

    4a435e0b87e8bd6f3e9f9b306f661ff5428017f33f742fa0788107212757f64c

  • SHA512

    20076cd879e28d911d1288a6f70450eee75bd9446ba9479f5ad18488f05a1e775999de1384fa239ff914f8d810220ffc5e7a15bb9f1a4eb4c8f8c11b85836e9c

  • SSDEEP

    6144:nCWyPqAbxbDv6qjWYN0JdGn/oq/PO3sPQ/aH8ooxZPfv8I8:CQ2DvjjLNkdGn/oWPa1/aHCfb8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:100
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4ec 0x508
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YoobFbFjHTDDEThKAPvG.DLL
    Filesize

    12KB

    MD5

    e6144fb36c1fdc6ba1d1afa9632588f8

    SHA1

    c4964264c6600fde210a644b639e2ea25ecb67e6

    SHA256

    b141412d0611571df381c26186b3fc438c725d6e45ad66fd76413322c17a9ac6

    SHA512

    400ca4e2ad987a88429da21d795f7365bd230ed4225e19b7841dcc09606e0afde2f3cc31aa8be4ee83dd3c6b0339cb2c13953523bdc8d2f547d953c6c6c8d339

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eSnytfUGfniDLBKlNnGB.DLL
    Filesize

    35KB

    MD5

    76a9565c5f51775719eebda1f25530a5

    SHA1

    332feae4dba6b4a93bebea7a881a0fa758891091

    SHA256

    a1a7c4f74d4fe7784ed03709e5f946b94cc10a64e3ae0ad5a9a3bece9a8a2c0a

    SHA512

    79c9af704d1626cad9d44470585baf8d5f082b5d77c285fc6ae4862e99439f838fe9b1e745f8f2487fa64d5d7304954f66d0cef222db4dc9095a7294172094e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ebuvDkbgja.DLL
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • memory/100-37-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-2-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/100-1-0x0000000000630000-0x0000000000634000-memory.dmp

    Filesize

    16KB

    Download

  • memory/100-25-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-26-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-27-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-28-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-29-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-30-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-31-0x0000000000630000-0x0000000000634000-memory.dmp

    Filesize

    16KB

    Download

  • memory/100-32-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/100-33-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-34-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-35-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-36-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-0-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-39-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-38-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-50-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-41-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-42-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-43-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-44-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-45-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-46-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-47-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-48-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-49-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-40-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-51-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-52-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-53-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-54-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-55-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download

  • memory/100-56-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/100-57-0x0000000003880000-0x0000000003893000-memory.dmp

    Filesize

    76KB

    Download