Analysis
max time kernel: 15s
max time network: 17s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/02/2025, 11:35
Behavioral task behavioral1
Sample: Timrex Perm/Timrex Perm/Download this first/1.exe
Resource: win10v2004-20250129-en
Behavioral task behavioral2
Sample: Timrex Perm/Timrex Perm/Download this first/2.exe
Resource: win10v2004-20241007-en
Behavioral task behavioral3
Sample: Timrex Perm/Timrex Perm/Download this first/3.exe
Resource: win10v2004-20250129-en
Behavioral task behavioral4
Sample: Timrex Perm/Timrex Perm/Perm.exe
Resource: win10v2004-20250129-en
Behavioral task behavioral5
Sample: Timrex Perm/Timrex Perm/Serial checker/Timrex Serials.bat
Resource: win10v2004-20250129-en
Behavioral task behavioral6
Sample: Timrex Perm/Timrex Perm/Wifi & Bluetooth disabler/Disabler [Run Admin].bat
Resource: win10v2004-20250129-en
Behavioral task behavioral7
Sample: Timrex Perm/Timrex Perm/defender control/Defender_Settings.vbs
Resource: win10v2004-20241007-en
General
Target: Timrex Perm/Timrex Perm/Perm.exe
Size: 22KB
MD5: 281698d0a353c1310cd43952998d11c0
SHA1: 8d7588a8d40e933585f13b371822a06c9864e845
SHA256: 17c29bbf8c4d0a602e1e6cd8010955cdcc1514e3114a46a0ac3278d0e7fc9819
SHA512: e5f6b2d7bdcd3688cf8a2deb159fcf66b4fac9afe033e6b83d0f861a5f1dc5b236b67fe261e614d1ac2cba55ae2fc9575424ab34f65002e2427f02aa085dfff4
SSDEEP: 384:QGGuN6cMKifIYCuD59Z+J/rMLGk79jle1eOLQDa91VHHqTZfTnlYc3qeU0:rGuNlifh1D5KJ/rMKk7SkqQD8VqFlYc+
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow: 1, ioc: pastebin.com
flow: 2, ioc: pastebin.com
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege, pid: 1912, Process: Perm.exe