Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

XtremeShel...le.exe

windows7-x64

XtremeShel...le.exe

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/09/2024, 18:50

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    XtremeShell 4.3 Portable.exe

  • Size

    9.1MB

  • MD5

    71151b0df6c008855a004b2975e3f822

  • SHA1

    a07eb40d7badde7dc462c8a83d648cbdafe36acd

  • SHA256

    fc44937657804765aa8a05b2faf58fca83738edcacf9bb3c64770b8fc9cb6a6f

  • SHA512

    7daafaebf54ed538e109dd5b71363994967dadcf282cd05b7923a2cc9ca6adff9ba6472332cd44c9a2ee1be77b6793631b78cbd9fda1c6d5bd80ef6d63176963

  • SSDEEP

    196608:hXVAqaXa6JfRYmEac7V8QW5oiwDkZUuYGZKQlX8yC3O13:hFANrYmEaCmj5oiwDkO+KdlK

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XtremeShell 4.3 Portable.exe
    "C:\Users\Admin\AppData\Local\Temp\XtremeShell 4.3 Portable.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2536 -s 516
      2⤵
        PID:2068
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:1736
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x5a0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1204
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:2648

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1736-6-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2536-0-0x000007FEF56B3000-0x000007FEF56B4000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2536-1-0x000000013F9B0000-0x00000001402D0000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2536-2-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2536-3-0x000007FEF56B3000-0x000007FEF56B4000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2536-4-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2536-5-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2648-7-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

          Filesize

          4KB

          Download