Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fake.exe

windows7-x64

fake.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    104s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 14:58

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    fake.exe

  • Size

    11.9MB

  • MD5

    0b22cd20444de235b33f7e5c3d26184b

  • SHA1

    817a802173c4f80bc0d7938c62815214824d4510

  • SHA256

    de7bb058ee6ff390b0f31b999dcfdf685af455a37b139f21cca7bf751100b153

  • SHA512

    62260ba946b586610ab447581bae56c7aadd0f38c794b6d44770e3386ce167c6a6315ffd644b61b5ca32b5b3d86a715f5dcf984a0f5bf15b50d10873fc86c1e3

  • SSDEEP

    196608:3Kucb0W8/LuwuLlA1HeT39IigwE1ncKOVVthIUu79u5Y3J7KukEtQqNHNe+PdMJ:zcwW8Rr1+TtIiFg0VNs5u6FWE6QKJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fake.exe
    "C:\Users\Admin\AppData\Local\Temp\fake.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Users\Admin\AppData\Local\Temp\fake.exe
      "C:\Users\Admin\AppData\Local\Temp\fake.exe"
      2⤵
      • Loads dropped DLL
      PID:1796
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2920
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x7c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2548
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1056

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI24802\python312.dll
        Filesize

        6.6MB

        MD5

        d521654d889666a0bc753320f071ef60

        SHA1

        5fd9b90c5d0527e53c199f94bad540c1e0985db6

        SHA256

        21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

        SHA512

        7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

        Download Submit

      • memory/1056-1900-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2920-1899-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download