Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b4eeea8f42...2b.exe

windows7-x64

7

b4eeea8f42...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4eeea8f4234fb822b735b5dc011cc2b.exe

  • Size

    744KB

  • MD5

    b4eeea8f4234fb822b735b5dc011cc2b

  • SHA1

    496d358081cb5fcc29164c72298126d351dfc89d

  • SHA256

    72868ade3b34bb7a205963a166a56392f2aa889036481c3a27435273db54df24

  • SHA512

    14cdacf90ad93b8d9d7f612b1740d81b9ac6c1046b5c1fec8713144608ef45b95c2509b712bfb3058ee23cd81573e65066fb523f5424a3d4d2d1aa8f1f2e9706

  • SSDEEP

    12288:MRygSktU4g/n/t0EW5A0zymvJwQ5oAlK+G6Kv+QIk6AQQ52LvRg0865wVbH9:QptU4gf2EW5A2RJr/kIKvFIk6zX+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4eeea8f4234fb822b735b5dc011cc2b.exe
    "C:\Users\Admin\AppData\Local\Temp\b4eeea8f4234fb822b735b5dc011cc2b.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
      2⤵
        PID:4888
    • C:\Program Files\360safe\360Safe.exe
      "C:\Program Files\360safe\360Safe.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4712

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\360safe\360Safe.exe
      Filesize

      744KB

      MD5

      b4eeea8f4234fb822b735b5dc011cc2b

      SHA1

      496d358081cb5fcc29164c72298126d351dfc89d

      SHA256

      72868ade3b34bb7a205963a166a56392f2aa889036481c3a27435273db54df24

      SHA512

      14cdacf90ad93b8d9d7f612b1740d81b9ac6c1046b5c1fec8713144608ef45b95c2509b712bfb3058ee23cd81573e65066fb523f5424a3d4d2d1aa8f1f2e9706

      Download Submit

    • C:\Windows\uninstal.bat
      Filesize

      190B

      MD5

      d532741e608df3185362fbac87cd61ee

      SHA1

      55c2ad0ba02fc294c36f0cd81685b5cc3b09b576

      SHA256

      6573ba25d559566c6f8c4461c6fd32e199fffb282b5a4bc86de1efe753ddee8c

      SHA512

      efa7159bb2b652b788dc2e3713f3c91964eeca847d3cac482968da67c68116248e671d8ebb0a09b4d7574b61b3883b480380b298772671d7f412161c102775e9

      Download Submit

    • memory/2980-0-0x0000000000400000-0x00000000004C3000-memory.dmp

      Filesize

      780KB

      Download

    • memory/2980-1-0x0000000002370000-0x0000000002371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2980-11-0x0000000000400000-0x00000000004C3000-memory.dmp

      Filesize

      780KB

      Download

    • memory/4712-6-0x0000000000400000-0x00000000004C3000-memory.dmp

      Filesize

      780KB

      Download

    • memory/4712-7-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4712-8-0x0000000000400000-0x00000000004C3000-memory.dmp

      Filesize

      780KB

      Download