Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/02/2025, 11:35

General

  • Target

    Timrex Perm/Timrex Perm/Perm.exe

  • Size

    22KB

  • MD5

    281698d0a353c1310cd43952998d11c0

  • SHA1

    8d7588a8d40e933585f13b371822a06c9864e845

  • SHA256

    17c29bbf8c4d0a602e1e6cd8010955cdcc1514e3114a46a0ac3278d0e7fc9819

  • SHA512

    e5f6b2d7bdcd3688cf8a2deb159fcf66b4fac9afe033e6b83d0f861a5f1dc5b236b67fe261e614d1ac2cba55ae2fc9575424ab34f65002e2427f02aa085dfff4

  • SSDEEP

    384:QGGuN6cMKifIYCuD59Z+J/rMLGk79jle1eOLQDa91VHHqTZfTnlYc3qeU0:rGuNlifh1D5KJ/rMKk7SkqQD8VqFlYc+

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Timrex Perm\Timrex Perm\Perm.exe
    "C:\Users\Admin\AppData\Local\Temp\Timrex Perm\Timrex Perm\Perm.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1912-0-0x00007FFB7ADF3000-0x00007FFB7ADF5000-memory.dmp

    Filesize

    8KB

  • memory/1912-1-0x0000020436340000-0x000002043634A000-memory.dmp

    Filesize

    40KB

  • memory/1912-2-0x00000204366E0000-0x00000204366E6000-memory.dmp

    Filesize

    24KB

  • memory/1912-3-0x00007FFB7ADF0000-0x00007FFB7B8B1000-memory.dmp

    Filesize

    10.8MB

  • memory/1912-5-0x00007FFB7ADF0000-0x00007FFB7B8B1000-memory.dmp

    Filesize

    10.8MB