Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

testx2-mai...64.sys

windows7-x64

1

testx2-mai...64.sys

windows10-2004-x64

1

testx2-mai...1).exe

windows7-x64

1

testx2-mai...1).exe

windows10-2004-x64

1

testx2-mai...0).exe

windows7-x64

1

testx2-mai...0).exe

windows10-2004-x64

1

testx2-mai...1).exe

windows7-x64

1

testx2-mai...1).exe

windows10-2004-x64

1

testx2-mai...2).exe

windows7-x64

1

testx2-mai...2).exe

windows10-2004-x64

1

testx2-mai...3).exe

windows7-x64

1

testx2-mai...3).exe

windows10-2004-x64

1

testx2-mai...4).exe

windows7-x64

1

testx2-mai...4).exe

windows10-2004-x64

1

testx2-mai...5).exe

windows7-x64

1

testx2-mai...5).exe

windows10-2004-x64

1

testx2-mai...6).exe

windows7-x64

1

testx2-mai...6).exe

windows10-2004-x64

1

testx2-mai...7).exe

windows7-x64

1

testx2-mai...7).exe

windows10-2004-x64

1

testx2-mai...8).exe

windows7-x64

1

testx2-mai...8).exe

windows10-2004-x64

1

testx2-mai...9).exe

windows7-x64

1

testx2-mai...9).exe

windows10-2004-x64

1

testx2-mai...2).exe

windows7-x64

1

testx2-mai...2).exe

windows10-2004-x64

1

testx2-mai...0).exe

windows7-x64

1

testx2-mai...0).exe

windows10-2004-x64

1

testx2-mai...1).exe

windows7-x64

1

testx2-mai...1).exe

windows10-2004-x64

1

testx2-mai...2).exe

windows7-x64

1

testx2-mai...2).exe

windows10-2004-x64

1

Analysis

  • max time kernel
    199s
  • max time network
    292s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 12:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    testx2-main/ads (13).exe

  • Size

    362KB

  • MD5

    b16954807827ccfa1e4738fce1089b62

  • SHA1

    b2f6607d68e4d197892c515b16b3f61252304120

  • SHA256

    2f8c68901f8df6f67796a8a892dd517c2011b93f271da04ed55448e9686ad984

  • SHA512

    48726f50886b81a08317a0db0171ae3264880d43514086766e3f9a354b59101cf0755f8d815ad6979eab8c7fcc62969ff977ed9d780f30323f6143697869c0ed

  • SSDEEP

    6144:eluUm0Yxw8f9ZzJ83K1woh8iMFJrCK1vHkk:eIUmXw29EYwoip

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (13).exe
    "C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (13).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe" --daemonized
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe
        C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe --daemonized
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1616

Network

  • flag-us
    DNS
    sg-zephyr.miningocean.org
    xmrigMiner.exe
    Remote address:
    8.8.8.8:53
    Request
    sg-zephyr.miningocean.org
    IN A
    Response
    sg-zephyr.miningocean.org
    IN A
    51.79.157.201
  • 51.79.157.201:5332
    sg-zephyr.miningocean.org
    xmrigMiner.exe
    1.6kB
     6.6kB
     17
    16
  • 8.8.8.8:53
    sg-zephyr.miningocean.org
    dns
    xmrigMiner.exe
    71 B
     87 B
     1
    1

    DNS Request

    sg-zephyr.miningocean.org

    DNS Response

    51.79.157.201

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1616-0-0x0000000000280000-0x00000000002A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-4-0x00000000024E0000-0x0000000002500000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-3-0x00000000024C0000-0x00000000024E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-2-0x0000000002480000-0x00000000024A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-5-0x0000000002590000-0x00000000025B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-9-0x00000000027A0000-0x00000000027C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-8-0x00000000026F0000-0x0000000002710000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-7-0x00000000026D0000-0x00000000026F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-6-0x00000000026B0000-0x00000000026D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-1-0x00000000024A0000-0x00000000024C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-10-0x00000000024A0000-0x00000000024C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-13-0x00000000024E0000-0x0000000002500000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-12-0x00000000024C0000-0x00000000024E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-11-0x0000000002480000-0x00000000024A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-14-0x0000000002590000-0x00000000025B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-15-0x00000000026B0000-0x00000000026D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-18-0x00000000027A0000-0x00000000027C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-17-0x00000000026F0000-0x0000000002710000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1616-16-0x00000000026D0000-0x00000000026F0000-memory.dmp

    Filesize

    128KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.