Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

crack.dll

windows7-x64

1

crack.dll

windows10-2004-x64

1

loader.exe

windows7-x64

7

loader.exe

windows10-2004-x64

9

privatools.exe

windows7-x64

7

privatools.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    privatools.exe

  • Size

    37.9MB

  • MD5

    45f5f568b7ee52fa38c7683d7948ba4c

  • SHA1

    d9c0676464a89f002bf34d26547fa47df2bc9132

  • SHA256

    95c3197b3d1c6161cae995ad4580124d26d7025b809b99ac1c1180a103fa1ec0

  • SHA512

    ad1b04de3aa5354d06efd51e1006330a526b2aa4be9b335fea3a083e69a434a732b52a983633c3effb0c08484c78b58006da6cc0783a5591e9419621b8071d8f

  • SSDEEP

    786432:4WQtskXCcDlS9cQEWhhQCLL/JdCjUEzjLxi0xpQFu4QBWaFuJR8:rQtBXyOQJbF/+LzjLxi0PQw4QBz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\privatools.exe
    "C:\Users\Admin\AppData\Local\Temp\privatools.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Users\Admin\AppData\Local\Temp\privatools.exe
      "C:\Users\Admin\AppData\Local\Temp\privatools.exe"
      2⤵
      • Loads dropped DLL
      PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\api-ms-win-core-file-l1-2-0.dll
    Filesize

    13KB

    MD5

    e36ac4af8b02564857edaa68e2bbe1c0

    SHA1

    b6b379261b5432b019b4182b7be50ae61c1fd06e

    SHA256

    4237c0d089329b605d5416dae4005e1c4808a284b51dbaafe07a4b2cc7fcfb00

    SHA512

    61a6b2cd08ee54765d9ec6d2d1ae1b898b40a718eee022c74300a1c640afc7bbb43e7269e3caf42703991507e354566aca6923ea9e32bb513f4a1504feff2e4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\api-ms-win-core-file-l2-1-0.dll
    Filesize

    13KB

    MD5

    e8bdf021f69a63aa761ee231ace7efbe

    SHA1

    f1ba959f0c196748c9fd7a81f4b626075fd8afe9

    SHA256

    d0d8495562a6c8b7f6d68dcd9dbd096dc5b68a5f337b7fd0b1fea60014c25adb

    SHA512

    f16dfc423cfa60c11d215db3448b93c7f3b405f96002ba636068f51f2de1971b4ccd8b020fad1b761ab82e8692a80872668d0baf9a560ad012f30ae440d73c81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    15KB

    MD5

    7f1ee2e33c903c7ea23dc80a19d6ec3c

    SHA1

    5e533f79dd14268c42e426efb1d3c3d29106e47e

    SHA256

    2ae12476304e22e7f31c71398fcf0acb626a6b44b37a7f68b6357cd049567d2f

    SHA512

    266f0337c1ea2c39b6248c5db9b8f500dca7664c11e72abcf37b3e04b541ec8f7efa84d46980c0bf007cdc8df726703de5bb04bc7c62da4e99d354d7cb4cafaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    13KB

    MD5

    92233d5f2057a6c99939e1549c8a63ab

    SHA1

    3e9a3b9e362025410d69458727462bb6338198f0

    SHA256

    6fe93c03cb84c7be2e8ef5c12f6c1595861c78edd1e099137f0c0866dc2fa5d0

    SHA512

    9aff968531a3cab229b3b5d216299149bf6ecf03086c5ddbe5a09ed52b62434ceffcf245be6306d7308e478acc5c445e1a6494491c0e8627818ec2472ce052fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    13KB

    MD5

    49100ae18d47b3a944205adb0820ff90

    SHA1

    5ecd49104c4f5c15a4147bfee35c6b9ac1291d0f

    SHA256

    53ecaca6e272bb4b283013a76a23004f8fa5bc0340d171b764c2bbd856e26a1f

    SHA512

    899a5b3f1b9a93db634507bde71be8157acba6fac4af3d35d08fca598a7cf6dc5c5d16fa122493a0516c13a22466909165ff94ef99ec9f394cbf2f2ced7a82cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI16202\ucrtbase.dll
    Filesize

    987KB

    MD5

    d40325e6c994228a3403f8ba8f24601f

    SHA1

    6266b5dc2001ffd75da3588dd7c43027a706589d

    SHA256

    a2ab58e44828009f6dafe54dd5ed57edfa6b09641e3c8eaa473b37e5b0e2b862

    SHA512

    59e712713d6492fa1b002da34bc9db82a85e19d13b694b77b57db1030681432c41705d56e9f75031ed9522d43a344d1475c745af7c8c92f70f7fc78e8b8895f9

    Download Submit