Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2024, 21:11 UTC

General

  • Target

    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe

  • Size

    353KB

  • MD5

    dba9c11e2f0b6a3ded91c9c87ce79f72

  • SHA1

    6b4b47cd1f9ed1aefe209a40f9c54c1e16db25d6

  • SHA256

    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07

  • SHA512

    019009734e53f03eed7f42f638983fd06728fa84844021ae79e3b2bdccc4b0b2701f2779bebde466c327363d0637df9f50bebb253d39a70eec63ba19be9cac12

  • SSDEEP

    6144:I/Bg80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:I/s4NTS/x9jNG+w+9OqFoK323qdQYKUG

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

  • Mimikatz family
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
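The "Writes to the Master Boot Record" signature above only records that the sample wrote to the boot sector; the next thing an analyst wants is a way to tell a benign write from a replaced bootstrap. The following is an added example, not part of this report or of the sandbox's tooling: it parses a 512-byte MBR (four-entry partition table, 55 AA boot signature) and compares the 440-byte bootstrap code region against a known-good SHA-256 baseline. `read_physical_mbr`, the baseline hash and the sample MBR are assumptions for illustration; the sample MBR is constructed inline so the check runs offline, and reading `\\.\PhysicalDrive0` needs administrator rights on Windows.

```python
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTSTRAP_LEN = 440        # bootstrap code precedes the 4-byte disk signature at offset 440
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIGNATURE = 0xAA55    # stored little-endian as 55 AA at offset 510


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(mbr: bytes):
    """Decode the four MBR partition entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        # status(1) CHS-first(3) type(1) CHS-last(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the disk signature and table are excluded."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str) -> dict:
    """Compare a raw MBR against a baseline and report anything a bootkit would have to change."""
    findings = []
    if len(mbr) < MBR_SIZE:
        findings.append("short read: MBR is %d bytes" % len(mbr))
        return {"ok": False, "findings": findings, "partitions": []}
    sig = struct.unpack_from("<H", mbr, 510)[0]
    if sig != BOOT_SIGNATURE:
        findings.append("boot signature is %04x, expected aa55" % sig)
    parts = parse_partition_table(mbr)
    if not parts:
        findings.append("partition table empty")
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    h = bootstrap_hash(mbr)
    if h != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline (sha256 %s...)" % h[:16])
    return {"ok": not findings, "findings": findings, "partitions": parts}


def read_physical_mbr(path=r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (Windows, administrator rights required)."""
    with open(path, "rb", buffering=0) as f:
        return f.read(MBR_SIZE)


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed MBR for the example: one bootable NTFS (0x07) partition at LBA 2048."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootstrap)] = bootstrap
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<H", mbr, 510, BOOT_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    # cli; xor ax,ax; mov ss,ax; mov sp,0x7c00 -- a plausible bootstrap prologue, constructed here
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    baseline = bootstrap_hash(clean)
    print(check_mbr(clean, baseline))
    tampered = bytearray(clean)
    tampered[0:4] = b"\xeb\xfe\x90\x90"          # jmp $ : bootstrap replaced
    print(check_mbr(bytes(tampered), baseline))
```

Take the baseline from a golden image, not from the suspect disk, otherwise an already-overwritten bootstrap becomes the baseline. A modified bootstrap only runs at the next boot, which is why the forced restart scheduled in the process tree below matters as much as the write itself.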

Processes

  • C:\Users\Admin\AppData\Local\Temp\f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
    "C:\Users\Admin\AppData\Local\Temp\f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 22:14
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 22:14
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:2780
    • C:\Users\Admin\AppData\Local\Temp\EB49.tmp
      "C:\Users\Admin\AppData\Local\Temp\EB49.tmp" \\.\pipe\{D334B4A9-3F34-4E23-BB95-8D99E433F98F}
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2824
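The process tree above carries two command lines worth turning into detection logic: `schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 22:14` (a one-shot task with an empty name whose only job is a forced reboot) and a dropped `EB49.tmp` launched from `%TEMP%` with a `\\.\pipe\{GUID}` argument. The following is an added example, not part of this report or of the sandbox: the events are constructed from the PIDs and command lines shown in the tree (the parent of PID 2668 is not shown, so `ppid 0` stands in for it), and the two detector functions and their thresholds are the author's assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe"
HELPER = r"C:\Users\Admin\AppData\Local\Temp\EB49.tmp"
TASK_CMD = r'schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 22:14'

# Constructed from the process tree in this report; ppid 0 stands in for the launcher it does not show.
EVENTS = [
    ProcEvent(2668, 0, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2752, 2668, r"C:\Windows\SysWOW64\cmd.exe", "/c " + TASK_CMD),
    ProcEvent(2780, 2752, r"C:\Windows\SysWOW64\schtasks.exe", TASK_CMD),
    ProcEvent(2824, 2668, HELPER,
              f'"{HELPER}" ' + r"\\.\pipe\{D334B4A9-3F34-4E23-BB95-8D99E433F98F}"),
]

# schtasks /Create ... /TN "<name>" /TR "<action>" [/ST hh:mm], in the argument order seen above
TASK_RE = re.compile(
    r'/Create\b.*?/TN\s+"(?P<name>[^"]*)".*?/TR\s+"(?P<action>[^"]*)"(?:.*?/ST\s+(?P<start>\d{1,2}:\d{2}))?',
    re.IGNORECASE)
# \\.\pipe\{GUID} passed on a command line: a named pipe handed to a dropped helper
PIPE_RE = re.compile(r'\\\\\.\\pipe\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def ancestry(events, pid):
    """Image names from the root of the tree down to `pid`."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain[::-1]


def find_scheduled_shutdown(events):
    """schtasks creating a task whose action is a restart (/r) or shutdown (/s)."""
    hits = []
    for ev in events:
        if basename(ev.image).lower() != "schtasks.exe":
            continue
        m = TASK_RE.search(ev.cmdline)
        if not m:
            continue
        action = m["action"].lower()
        if "shutdown.exe" not in action or not re.search(r"\s/[rs]\b", action):
            continue
        hits.append({
            "pid": ev.pid,
            "task_name": m["name"],                      # empty string here: /TN ""
            "forced": bool(re.search(r"\s/f\b", action)),
            "start": m["start"],
            "chain": ancestry(events, ev.pid),
        })
    return hits


def find_temp_pipe_helpers(events):
    """Executables run from %TEMP% that are given a named pipe on their command line."""
    hits = []
    for ev in events:
        pipe = PIPE_RE.search(ev.cmdline)
        if TEMP_RE.search(ev.image) and pipe:
            hits.append({"pid": ev.pid, "image": basename(ev.image),
                         "pipe": pipe.group(0), "chain": ancestry(events, ev.pid)})
    return hits


if __name__ == "__main__":
    for hit in find_scheduled_shutdown(EVENTS) + find_temp_pipe_helpers(EVENTS):
        print(hit)
```

The parent chain is the useful part of each hit: a task whose action is `shutdown.exe /r /f`, created by `schtasks.exe` under `cmd.exe` under a binary in the user's Temp directory, is a different event from the same task created by an administrator at a console, and the empty task name means the `/TN` value cannot be used to allow-list it.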

Network

  • 10.127.0.0:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.0:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.1:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
    52 B
    1
  • 10.127.0.1:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
    52 B
    1
  • 10.127.0.2:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.2:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.3:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.3:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.4:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.4:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.5:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.5:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.6:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.6:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.7:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.7:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.8:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.8:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.9:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.9:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.10:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.10:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.11:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.11:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.12:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.12:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.13:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.13:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.14:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.14:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.15:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.15:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.16:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.16:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.17:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.17:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.18:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.18:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.19:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.19:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.20:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.20:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.21:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.21:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.22:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.22:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.23:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.23:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.24:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.24:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.25:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.25:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.26:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.26:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.27:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.27:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.28:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.28:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.29:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.29:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.30:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.30:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.31:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.31:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.32:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.32:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.33:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.33:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.34:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.34:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.35:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.35:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.36:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.36:139
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
  • 10.127.0.37:445
    f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe
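The Network section above is a single executable contacting 10.127.0.0 through 10.127.0.37 on 445 and 139 in address order, which is an SMB sweep of the sandbox's /24 rather than ordinary file-server traffic. The following is an added example, not part of this report or of the sandbox: the connection records are constructed from the list above (the last host appears on 445 only, and two benign flows are added for the detector to ignore), and the `min_hosts` threshold is an assumption to tune per network.

```python
import ipaddress
from collections import defaultdict

SAMPLE_EXE = "f593b73c91003518c20cdc8be04f3a1f8a68ca3ded04700f675a543ac278ab07.exe"
SMB_PORTS = {445, 139}

# Constructed from the Network section of this report: (destination ip, port, process) for the
# 10.127.0.0-10.127.0.37 sweep shown there, plus two unrelated flows as benign background.
CONNECTIONS = [(f"10.127.0.{n}", port, SAMPLE_EXE)
               for n in range(38) for port in (445, 139)
               if not (n == 37 and port == 139)]
CONNECTIONS += [("10.127.1.5", 443, "chrome.exe"), ("10.127.0.1", 53, "svchost.exe")]


def detect_smb_sweep(conns, min_hosts=10, prefix=24):
    """Flag each process that reaches at least `min_hosts` distinct hosts on SMB ports
    inside one /prefix network. Returns one alert per (process, network)."""
    per_proc = defaultdict(set)
    for ip, port, proc in conns:
        if port in SMB_PORTS:
            per_proc[proc].add(ipaddress.ip_address(ip))

    alerts = []
    for proc, hosts in per_proc.items():
        per_net = defaultdict(set)
        for h in hosts:
            per_net[ipaddress.ip_network(f"{h}/{prefix}", strict=False)].add(h)
        for net, members in per_net.items():
            if len(members) < min_hosts:
                continue
            ordered = sorted(members)
            steps = [int(b) - int(a) for a, b in zip(ordered, ordered[1:])]
            alerts.append({
                "process": proc,
                "network": str(net),
                "hosts": len(members),
                "first": str(ordered[0]),
                "last": str(ordered[-1]),
                "sequential": all(d == 1 for d in steps),  # incrementing scan vs. chosen targets
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_smb_sweep(CONNECTIONS):
        print(alert)
```

Keyed on the process rather than the source host, the same query separates a worm-style sweep from a scanner that an administrator runs deliberately; combined with the credential-dumping signature on the same binary, the sweep is the lateral-movement step to block at the SMB ports, not only the hash to block at the endpoint.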

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\EB49.tmp

    Filesize

    55KB

    MD5

    7e37ab34ecdcc3e77e24522ddfd4852d

    SHA1

    38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf

    SHA256

    02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f

    SHA512

    1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587
