Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

Software.exe

windows10-ltsc_2021-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    25s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    15/03/2025, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Software.exe

  • Size

    1.6MB

  • MD5

    db056b8fa628b67e11bd626192939d6b

  • SHA1

    248ca50f39de6b6180265d19fb6eedc68bf25afc

  • SHA256

    e7f04e85236f0caafe518bd96369313021969077dba1c4a6d42e694498dab04f

  • SHA512

    bca1856b4bb8342c0f6d5ee19edcb420c70e6b272f087d3f8f73daa00842fa00037840a5eb5655e1445af8d578d304874323b2889f75b27136df9366df596336

  • SSDEEP

    24576:ytb20pkaCqT5TBWgNQ7ayEYyM63uUOyok0ceJZwd/w9mML9eu4MaMUp46A:/Vg5tQ7ayExZO9k0waPLR4Ma25

Score
10/10
imminentdiscoveryspywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Imminent family
    imminent
  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Software.exe
    "C:\Users\Admin\AppData\Local\Temp\Software.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:5880
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4660
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:4772
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Drops startup file
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:5012

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MAmOR.com.url
        Filesize

        80B

        MD5

        7f5321fdd8572b5e213990536e0e172a

        SHA1

        3453ef7729ef9ff79d7f9e5a75ad5d2eb46e43c2

        SHA256

        97305088e7cfa90c46e88ff2f71cfa331051b585f94f2231791aa855dea2ef05

        SHA512

        702315bf40343ebe2f1911db8be5d2c07c36598ea672dc9b5f84bd4f641b6e1dbc68871d7ede259d1fa4b11b9562b01e2836a221ab6a141cc0e101ec4302d63c

        Download Submit

      • memory/4660-18-0x0000000005CB0000-0x0000000005CBA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4660-14-0x0000000007170000-0x0000000007202000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4660-9-0x0000000073B50000-0x0000000074301000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4660-10-0x0000000005B10000-0x0000000005BBE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/4660-11-0x0000000005930000-0x0000000005958000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4660-12-0x0000000006F90000-0x000000000702C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4660-13-0x00000000075E0000-0x0000000007B86000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4660-37-0x0000000073B5E000-0x0000000073B5F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4660-15-0x0000000007C00000-0x0000000007C66000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4660-16-0x0000000007CB0000-0x0000000007CC8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/4660-17-0x0000000008260000-0x0000000008276000-memory.dmp

        Filesize

        88KB

        Download

      • memory/4660-6-0x0000000000400000-0x0000000000456000-memory.dmp

        Filesize

        344KB

        Download

      • memory/4660-8-0x00000000033E0000-0x00000000033F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4660-7-0x0000000073B5E000-0x0000000073B5F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4660-38-0x0000000073B50000-0x0000000074301000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/5012-30-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-35-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-34-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-33-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-32-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-31-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-26-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-36-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-24-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5012-25-0x000002A27BCD0000-0x000002A27BCD1000-memory.dmp

        Filesize

        4KB

        Download