Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

07f68a6d0c...d9.exe

windows7-x64

10

07f68a6d0c...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 20:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07f68a6d0c1b1e97c5ec147b21c0a9646013b1c9e90789c51dd3d87469cdcfd9.exe

  • Size

    290KB

  • MD5

    e0ce4768c42e1f857b3a31016db2314b

  • SHA1

    f8a08bca5b0e682db91c5ae90f48aedf30378de5

  • SHA256

    07f68a6d0c1b1e97c5ec147b21c0a9646013b1c9e90789c51dd3d87469cdcfd9

  • SHA512

    a7e60e65f723efdede2a593a15afbdb781924e5d92d8fe4d7ae6b3768ca5dde289efae064919765e28bb7464da50083668df9ab24c3d8851864ab57ba16bf5bd

  • SSDEEP

    6144:I7m697rqzqqLEaGDqWoWrSuzidnKjrqnbqdn9:2t9krLEaGDqArXzidnHc

Score
10/10
plugxdiscoverytrojan

Malware Config

Signatures

  • Detects PlugX payload 17 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07f68a6d0c1b1e97c5ec147b21c0a9646013b1c9e90789c51dd3d87469cdcfd9.exe
    "C:\Users\Admin\AppData\Local\Temp\07f68a6d0c1b1e97c5ec147b21c0a9646013b1c9e90789c51dd3d87469cdcfd9.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\SysWOW64\svchost.exe 100 1232
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2184
  • C:\ProgramData\NVIDIASmart\SxS.exe
    "C:\ProgramData\NVIDIASmart\SxS.exe" 200 0
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\SysWOW64\svchost.exe 201 0
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 1972
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:2908

Network

    No results found
  • 27.124.43.101:8080
    svchost.exe
    152 B
     80 B
     3
    2
  • 192.168.92.1:443
    svchost.exe
    152 B
     3
  • 192.168.77.1:23
    svchost.exe
    152 B
     3
  • 192.168.77.1:8081
    svchost.exe
    152 B
     3
  • 27.124.43.101:8080
    svchost.exe
    152 B
     120 B
     3
    3
  • 192.168.92.1:443
    svchost.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\NVIDIASmart\SxS.exe
    Filesize

    290KB

    MD5

    e0ce4768c42e1f857b3a31016db2314b

    SHA1

    f8a08bca5b0e682db91c5ae90f48aedf30378de5

    SHA256

    07f68a6d0c1b1e97c5ec147b21c0a9646013b1c9e90789c51dd3d87469cdcfd9

    SHA512

    a7e60e65f723efdede2a593a15afbdb781924e5d92d8fe4d7ae6b3768ca5dde289efae064919765e28bb7464da50083668df9ab24c3d8851864ab57ba16bf5bd

    Download Submit

  • memory/1232-38-0x0000000000550000-0x000000000058D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1232-0-0x0000000000550000-0x000000000058D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-52-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-32-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1972-33-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-21-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-34-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-19-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-35-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1972-36-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2184-7-0x0000000000240000-0x000000000027D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2184-3-0x00000000000D0000-0x00000000000D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2184-40-0x0000000000240000-0x000000000027D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2184-4-0x00000000000E0000-0x0000000000101000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2184-6-0x00000000000C0000-0x00000000000C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2184-2-0x00000000000C0000-0x00000000000C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2188-13-0x0000000000450000-0x000000000048D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2188-26-0x0000000000450000-0x000000000048D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2908-47-0x0000000000330000-0x000000000036D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2908-51-0x0000000000330000-0x000000000036D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2908-50-0x0000000000330000-0x000000000036D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2908-49-0x0000000000330000-0x000000000036D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2908-48-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.