Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b8f7f1c3cb...a6.exe

windows7-x64

10

b8f7f1c3cb...a6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8f7f1c3cb54dd98956cfade0d5b02a6.exe

  • Size

    336KB

  • MD5

    b8f7f1c3cb54dd98956cfade0d5b02a6

  • SHA1

    802cedcb7f89c6df1dc1bd36ace24c66474cd0ab

  • SHA256

    26a771ec1b7159b3009984f59822620ba5bcd2a675e290a1334ff3a2536ae5ea

  • SHA512

    2f9f862f39bb8a1cf87f44a848bb2e8b12f56215643e3643b6e08278023c9195356dd030f2ddbb304149887958925e5b1fb8d0f2a8ff51dd2b0ee8f84d14b0ae

  • SSDEEP

    6144:ENr04w8GJEotOrtacrFhqxvtiIZTYix3BuYBIbgmOTd3w:ENr04rnrtacrnnOTYi3B+gmO53

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of UnmapMainImage
    PID:3360
    • C:\Users\Admin\AppData\Local\Temp\b8f7f1c3cb54dd98956cfade0d5b02a6.exe
      "C:\Users\Admin\AppData\Local\Temp\b8f7f1c3cb54dd98956cfade0d5b02a6.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:116
      • C:\Users\Admin\AppData\Local\9fc7b2d2\X
        193.105.154.210:80
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1360
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:748

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\9fc7b2d2\X
      Filesize

      41KB

      MD5

      686b479b0ee164cf1744a8be359ebb7d

      SHA1

      8615e8f967276a85110b198d575982a958581a07

      SHA256

      fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

      SHA512

      7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

      Download Submit

    • memory/116-1-0x0000000000400000-0x000000000045C8E4-memory.dmp

      Filesize

      370KB

      Download

    • memory/116-2-0x00000000009A0000-0x0000000000AA0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/116-9-0x0000000000400000-0x000000000045C8E4-memory.dmp

      Filesize

      370KB

      Download

    • memory/116-11-0x00000000009A0000-0x0000000000AA0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/116-12-0x0000000000400000-0x000000000045C8E4-memory.dmp

      Filesize

      370KB

      Download

    • memory/3360-8-0x0000000001230000-0x0000000001238000-memory.dmp

      Filesize

      32KB

      Download