Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

spoofer_new.exe

windows10-1703-x64

8

Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/07/2024, 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    spoofer_new.exe

  • Size

    608KB

  • MD5

    d095341534fddce28871264bed02bbf3

  • SHA1

    880e3ac5a5b50fb3013373dec1df80ce3ce6c59b

  • SHA256

    e807f820cfe3ea670af3b8994a31f4521cd64c0eedaaf11e96ccef100f741f2b

  • SHA512

    a0fff06ae0ec3f097e7e4786df2ca7def1304f1a2e720fb994458b5a3e443e60b532866345a3b4f995a7834332174cd3711deb76f118db8e987a30fd76134910

  • SSDEEP

    6144:F/KWCA3vyU4yMyCvSLPZvrIFQdGaWlMFYCAhh:F/KWH3BXLxvFdGnqFYC

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spoofer_new.exe
    "C:\Users\Admin\AppData\Local\Temp\spoofer_new.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4304
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\mp.exe C:\Users\dr.sys
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:784
      • C:\Users\mp.exe
        C:\Users\mp.exe C:\Users\dr.sys
        3⤵
        • Sets service image path in registry
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: LoadsDriver
        • Suspicious use of AdjustPrivilegeToken
        PID:3828
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause >nul
      2⤵
        PID:4496
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c exit
        2⤵
          PID:2888

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\mp.exe
        Filesize

        143KB

        MD5

        25ea0a6ed15a532a21da6371f1656d5e

        SHA1

        d0ee444918192e149d27e1eb366e33bb5de869ca

        SHA256

        fa5eefdaf551c1c8bcd22797b2584714301cbf75b9f8fbe66f5960f6b2b1d0b3

        SHA512

        41301663cd1cb9d5b514dbb4fd5131a9e922097f236ddbf6386ee9dbb1375b199be9c673612d07a96785e154484a21a0b2f1439fb9114f949869048acca0a5a8

        Download Submit