Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

test.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.exe

  • Size

    2.7MB

  • MD5

    df7e347342e7b3c21a395b8a50ff4b4d

  • SHA1

    d82b30b0917bd84b31d9ba3598a4a61332a0570d

  • SHA256

    1bc77bb85046bc29c5e72b97f0d604c5566c6f8db754dc9f92767506403644d1

  • SHA512

    4e7d8bb5ec9349081ea057b92a538668d3cf1746ea434bb8df44b560c74ce5236189dee2aa2d597f8522da71b4211280cb328a1e1b321b9cb13218f9d9c92363

  • SSDEEP

    24576:GpSyFci43L0B+K1hr5EJa4esU5FsDxdz8FQG+Ec0xMki8UsU3AoQ0qDt5KBMJ:GpSyFci4b0B+K1hlEbT8S80qDt5KBMJ

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test.exe
    "C:\Users\Admin\AppData\Local\Temp\test.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wmic path win32_videocontroller get videoprocessor
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1260
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic path win32_videocontroller get videoprocessor
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4720
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1056-0-0x00007FF732630000-0x00007FF73277C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2192-1-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-2-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-3-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-8-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-13-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-12-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-11-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-10-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-7-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-9-0x00000278743D0000-0x00000278743D1000-memory.dmp

    Filesize

    4KB

    Download