Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/10/2024, 15:40 UTC

General

  • Target

    file.exe

  • Size

    553KB

  • MD5

    b6a413057aff513253600024455b806d

  • SHA1

    6db45c473adbdf60f4a57e46468f4d15e0547213

  • SHA256

    1e4d548172c9ed335ba2d27c2476d9bd8751b1a50361fa27b5ebc87b5a21d9fe

  • SHA512

    bf9d9c068a6ad30aac6d13defd0324d27fc6d24ffdde301bb6b987e41a48a81ec0e6d517ab0d0c9c4fb25688a15527bde1ef4f09ca6f7805a356bbd2c7c4d8c2

  • SSDEEP

    12288:CLV6Btpmk1snK2GEAx+uQQypWTKKoIXpV8mwetC370wA4A50hCEk:gApf1sKPYuQPpjKoIkNIwyAi

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /create /f /tn "UDP Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp94C1.tmp"
      2⤵
      • System Location Discovery: System Language Discovery
      • Scheduled Task/Job: Scheduled Task
      PID:2540

Network

  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 127.0.0.1:54984
    file.exe
  • 127.0.0.1:54984
    file.exe
  • 127.0.0.1:54984
    file.exe
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 127.0.0.1:54984
    file.exe
  • 127.0.0.1:54984
    file.exe
  • 127.0.0.1:54984
    file.exe
  • 82.165.0.52:54984
    file.exe
    152 B
    3
  • 82.165.0.52:54984
    file.exe
    104 B
    2

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp94C1.tmp

    Filesize

    1KB

    MD5

    5719058dd234db87508ef2540e5d8ff0

    SHA1

    669c8d71202ab3321e6619871705c06864b9c2bd

    SHA256

    74d2ad38b4aa2c15240fd3dcbf8b348c068f94e4ee6b2a9a77672912abe1cb2e

    SHA512

    6cc9107fcf2d73543f3ae2a76b4bcd63b24b8a5156abe247f26a396d00f8afa1d8a3aeb6ec5cc56e62391fff44fef9c0716e8cb47b10a9f1feb4b03f40662790

  • memory/2408-0-0x0000000074D51000-0x0000000074D52000-memory.dmp

    Filesize

    4KB

  • memory/2408-1-0x0000000074D50000-0x00000000752FB000-memory.dmp

    Filesize

    5.7MB

  • memory/2408-2-0x0000000074D50000-0x00000000752FB000-memory.dmp

    Filesize

    5.7MB

  • memory/2408-7-0x0000000074D50000-0x00000000752FB000-memory.dmp

    Filesize

    5.7MB
