Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

keygen.exe

windows7-x64

7

keygen.exe

windows10-2004-x64

7

www.suryadewa.com.url

windows7-x64

6

www.suryadewa.com.url

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    keygen.exe

  • Size

    63KB

  • MD5

    26137f9d34520b2b8241627c6d84e1dc

  • SHA1

    61a47a760cfa849fe1fcf10269445c5f2555610c

  • SHA256

    4aa8724d5c32257359189223660ba586e50ef10cbfccb49a8ef672635a5c7807

  • SHA512

    c5e27fc3accb868f3b7e6141e14a7427f0c2d1abeed671dca49967a7982ac1f6c983e56075fd254858062affc5829068bfe4dc0523621b35f2e3acbd8ed09bc5

  • SSDEEP

    1536:KV5+DQ/jizwlrCQA1C90lCx9ZFBRBSRuqy7CnvIdlN:KVSuU4ABUb5qMCngdl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
    1⤵
    • Loads dropped DLL
    PID:212
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2b4 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mcsqPuXWdCUGPKQtkfZO.DLL
    Filesize

    35KB

    MD5

    76a9565c5f51775719eebda1f25530a5

    SHA1

    332feae4dba6b4a93bebea7a881a0fa758891091

    SHA256

    a1a7c4f74d4fe7784ed03709e5f946b94cc10a64e3ae0ad5a9a3bece9a8a2c0a

    SHA512

    79c9af704d1626cad9d44470585baf8d5f082b5d77c285fc6ae4862e99439f838fe9b1e745f8f2487fa64d5d7304954f66d0cef222db4dc9095a7294172094e9

    Download Submit

  • memory/212-13-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-15-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-8-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-9-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-10-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-11-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-12-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-0-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-1-0x00000000005E0000-0x00000000005E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/212-16-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-14-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-17-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-18-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-19-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-20-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-21-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/212-22-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download