Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/01/2025, 00:46 UTC

General

  • Target

    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe

  • Size

    37KB

  • MD5

    93a389000ec4dcbbae139d573e7b0d60

  • SHA1

    16a787f72716de7d215ad11d459a0f4f354dc798

  • SHA256

    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816

  • SHA512

    7dcdd2fb34c0498850b6c2f8cc97155bb082527d185fca710a33ded92bab8bac9ed01cefb67c26b263db47dcde2de3fd59706f2bd81582b09fed601eefa1976b

  • SSDEEP

    384:EcN+6WIiejtCVLO309Qmykrt4QdqMjf+vWEWYrAF+rMRTyN/0L+EcoinblneHQM:LoHdGdkrOGb+eE7rM+rMRa8NupHt

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe" "9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:1932

Network

  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe
  • 127.0.0.1:5552
    9f5aa25adaa95bc0bfaab044cadddf8da160c33a88ffe98c3f91817802446816N.exe

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1980-0-0x0000000074BC1000-0x0000000074BC2000-memory.dmp

    Filesize

    4KB

  • memory/1980-1-0x0000000074BC0000-0x000000007516B000-memory.dmp

    Filesize

    5.7MB

  • memory/1980-2-0x0000000074BC0000-0x000000007516B000-memory.dmp

    Filesize

    5.7MB

  • memory/1980-3-0x0000000074BC0000-0x000000007516B000-memory.dmp

    Filesize

    5.7MB
