Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

CustomNotepad.exe

windows7-x64

1

CustomNotepad.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CustomNotepad.exe

  • Size

    141.6MB

  • MD5

    fafaaf268fbb8cf5571920aa23ffa4b0

  • SHA1

    8f1a6d613bb1ffd219e5380e66c5d5349cd1cd88

  • SHA256

    308473be2e81182d3b01ac9fb9d12168b25397186ae6c325702953728e1f52ec

  • SHA512

    6c7aba16bf44f8fff2f554c181630e294c22c72e69a390f8c8a4383e6eebb0164481a63aa36123244abecffc6e8026b8cd99b7c956e9760f6c4bf1c935b553db

  • SSDEEP

    786432:NW2CUJfgreBVNrPVsWN3KPqiVZb6Sc8CjWi3HTK6aTtLwSTRpf4P1wT1wim:NR1grOVNBsTVZb6ii3H2rm

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2260
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x484
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2780
    • C:\Users\Admin\AppData\Local\Temp\CustomNotepad.exe
      "C:\Users\Admin\AppData\Local\Temp\CustomNotepad.exe"
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2824

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2824-1-0x0000000180000000-0x0000000180A25000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/2824-3-0x000000014036E000-0x000000014036F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2824-7-0x0000000000130000-0x0000000000170000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2824-4-0x00000000002F0000-0x0000000000303000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2824-11-0x0000000003E80000-0x0000000004B31000-memory.dmp

      Filesize

      12.7MB

      Download

    • memory/2824-31-0x00000000005D0000-0x00000000005F1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2824-34-0x0000000000350000-0x0000000000357000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2824-37-0x0000000000310000-0x000000000031A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2824-43-0x0000000002290000-0x00000000022BA000-memory.dmp

      Filesize

      168KB

      Download

    • memory/2824-40-0x0000000002920000-0x0000000002961000-memory.dmp

      Filesize

      260KB

      Download

    • memory/2824-52-0x0000000001F00000-0x0000000001F16000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2824-49-0x0000000000600000-0x0000000000605000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2824-46-0x0000000002EE0000-0x0000000002F95000-memory.dmp

      Filesize

      724KB

      Download

    • memory/2824-28-0x00000000033C0000-0x00000000034BE000-memory.dmp

      Filesize

      1016KB

      Download

    • memory/2824-25-0x00000000005B0000-0x00000000005C8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2824-22-0x0000000000590000-0x00000000005B0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2824-19-0x0000000000320000-0x000000000032D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2824-16-0x0000000002E10000-0x0000000002ED1000-memory.dmp

      Filesize

      772KB

      Download

    • memory/2824-13-0x0000000000330000-0x0000000000342000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2824-55-0x0000000001ED0000-0x0000000001EED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2824-61-0x0000000003990000-0x0000000003A12000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2824-58-0x0000000001FB0000-0x0000000001FC6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2824-65-0x0000000001F90000-0x0000000001FA9000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2824-76-0x000000014036E000-0x000000014036F000-memory.dmp

      Filesize

      4KB

      Download