Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

out.exe

windows11-21h2-x64

3

Resubmissions

08/09/2024, 10:04

240908-l4c4tascng 10

08/09/2024, 08:28

240908-kcy2jawbkq 3

Analysis

  • max time kernel
    32s
  • max time network
    34s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/09/2024, 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    out.exe

  • Size

    16.9MB

  • MD5

    235edc61d61a829211f69a9b1ebbefef

  • SHA1

    26a514d764ff20423dee2908c939df3449dc211b

  • SHA256

    01568de8658e767ee3669e2f5550bec292f1251ca82d20f550c7cf971b483f7a

  • SHA512

    3d9ad8366924e29d1aa05c4bf4ce7d28b3cd750425972279c4c6fd1d643c20b50ad95e1d484d1f05466d1c80cb792b46504f9a74e10680e3498b251927a20190

  • SSDEEP

    393216:U8Hx7YprcracUfd80cxD1eTMV6MByDR5rUmlrVeE7gqfXiddT7zK/CEf:2XmK/b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\out.exe
    "C:\Users\Admin\AppData\Local\Temp\out.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3172
  • C:\Windows\System32\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2092-2-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-1-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-0-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-12-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-10-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-8-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-7-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-6-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-9-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-11-0x0000018C14160000-0x0000018C14161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3172-15-0x0000000001710000-0x000000000171A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3172-14-0x0000000001710000-0x000000000171A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3172-20-0x0000000001C90000-0x0000000001CA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3172-21-0x0000000001C90000-0x0000000001CA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3172-19-0x0000000001C80000-0x0000000001C84000-memory.dmp

    Filesize

    16KB

    Download

  • memory/3172-18-0x0000000001C80000-0x0000000001C84000-memory.dmp

    Filesize

    16KB

    Download

  • memory/3172-17-0x0000000001C70000-0x0000000001C77000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3172-16-0x0000000001C70000-0x0000000001C77000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3172-13-0x0000000000400000-0x00000000015AD000-memory.dmp

    Filesize

    17.7MB

    Download