Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/08/2024, 23:49

General

  • Target

    Stand.Launchpad (2).exe

  • Size

    74KB

  • MD5

    807c001be05d0e835337cc366aaba56d

  • SHA1

    fcc4fae0461da8f17f8ee274e338bcee97762c4c

  • SHA256

    265d3e48e4a72afdaca712aa3bdee4a6a8676e4080fba1a0920546a14a6100be

  • SHA512

    d867e1624962e6598c2f63f5968713e9dc0a9092867d38e8dc20f469fd6f5bc44196eb287fe0af672ca4c45d217b6b250abf63c493bd690067bb5ca76fc74aab

  • SSDEEP

    768:7/IPeZXaHQBFiFKMXjMlvhmndydfvdZIgiRVe7eFcc5tul5scYhb:MPtYahMBhmnYdZIgCQyOl5scmb

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stand.Launchpad (2).exe
    "C:\Users\Admin\AppData\Local\Temp\Stand.Launchpad (2).exe"
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5060
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:1984
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4388
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Stand\Bin\Stand 24.8.12.dll
        PID:5076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Stand\Bin\Stand 24.8.12.dll

    Filesize

    7.8MB

    MD5

    6a1aff622cb52c24786873b8ad341e43

    SHA1

    c1060e56aa295e75946e86c9d57e9a1cf9a256e3

    SHA256

    5234243cc652c56761db1064692ba97a93024860e46423edbb7baf8ca699368d

    SHA512

    76fdf5b9283bc20dcf9c0de4c3b9bc2ebd443e2cbac6b41780418420d3f81ee58f115f12d86de5b694bf702c1abb5fe5e6c4d32bbbeed893800eb5c1f533eb64

  • memory/5060-1-0x0000012C1B420000-0x0000012C1B436000-memory.dmp

    Filesize

    88KB

  • memory/5060-0-0x00007FFD07613000-0x00007FFD07615000-memory.dmp

    Filesize

    8KB

  • memory/5060-2-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB

  • memory/5060-5-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB

  • memory/5060-6-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB

  • memory/5060-9-0x00007FFD07613000-0x00007FFD07615000-memory.dmp

    Filesize

    8KB

  • memory/5060-10-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB

  • memory/5060-11-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB

  • memory/5060-12-0x00007FFD07610000-0x00007FFD080D1000-memory.dmp

    Filesize

    10.8MB