4acea05ab0905a50470e55fcb4575e6feee6e7f5ae857bdd388818cee7a562c6

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5066d63f68...41.exe

windows7-x64

5066d63f68...41.exe

windows10-2004-x64

508fd9ddd0...0e.exe

windows7-x64

508fd9ddd0...0e.exe

windows10-2004-x64

50a0e27c44...1b.exe

windows7-x64

50a0e27c44...1b.exe

windows10-2004-x64

50ca83ea97...a1.exe

windows7-x64

50ca83ea97...a1.exe

windows10-2004-x64

5131f70fe8...c9.exe

windows7-x64

5131f70fe8...c9.exe

windows10-2004-x64

51a043361b...63.exe

windows7-x64

51a043361b...63.exe

windows10-2004-x64

51ae5a5c12...16.exe

windows7-x64

51ae5a5c12...16.exe

windows10-2004-x64

51bce03659...62.exe

windows7-x64

51bce03659...62.exe

windows10-2004-x64

521cf0805a...97.exe

windows7-x64

521cf0805a...97.exe

windows10-2004-x64

5250379192...f1.exe

windows7-x64

5250379192...f1.exe

windows10-2004-x64

5271d48de9...2e.exe

windows7-x64

5271d48de9...2e.exe

windows10-2004-x64

52af658910...b8.exe

windows7-x64

52af658910...b8.exe

windows10-2004-x64

52ef63d721...1f.exe

windows7-x64

52ef63d721...1f.exe

windows10-2004-x64

53008e68ab...9e.exe

windows7-x64

53008e68ab...9e.exe

windows10-2004-x64

535aeca70c...a0.exe

windows7-x64

535aeca70c...a0.exe

windows10-2004-x64

5370f14c68...3e.exe

windows7-x64

5370f14c68...3e.exe

windows10-2004-x64

Analysis

max time kernel
102s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:10

Sharing

Copy URL

Twitter E-mail

Static task

static1

11 signatures

Behavioral task

behavioral1

Sample

5066d63f683553725c60860d021a0d41.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5066d63f683553725c60860d021a0d41.exe

Resource

win10v2004-20250314-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

508fd9ddd025101fca7bd23c589d0a6d1e68a3f15e669df43bc930c30d35980e.exe

Resource

win7-20241023-en

defense_evasion execution trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral4

Sample

508fd9ddd025101fca7bd23c589d0a6d1e68a3f15e669df43bc930c30d35980e.exe

Resource

win10v2004-20250314-en

defense_evasion execution trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral5

Sample

50a0e27c44685967486053465ad72a11a9a431ddf9c9e8a5c6f47c87a76d101b.exe

Resource

win7-20240903-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral6

Sample

50a0e27c44685967486053465ad72a11a9a431ddf9c9e8a5c6f47c87a76d101b.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral7

Sample

50ca83ea97b149fc0cddcfe79e9ecb2a0d230da4d26f0549f5792060be18aaa1.exe

Resource

win7-20241023-en

discovery vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

50ca83ea97b149fc0cddcfe79e9ecb2a0d230da4d26f0549f5792060be18aaa1.exe

Resource

win10v2004-20250314-en

discovery vmprotect

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral9

Sample

5131f70fe8e529308014ee35b2ff10c9.exe

Resource

win7-20241010-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral10

Sample

5131f70fe8e529308014ee35b2ff10c9.exe

Resource

win10v2004-20250314-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral11

Sample

51a043361bd59e21a64fdb95fb472f63.exe

Resource

win7-20240903-en

metamorpherrat discovery persistence rat stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral12

Sample

51a043361bd59e21a64fdb95fb472f63.exe

Resource

win10v2004-20250314-en

discovery persistence

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral13

Sample

51ae5a5c1253ce8fbc9483a1e412a144a27ec6d1dc0b6c8832a36475b8912616.exe

Resource

win7-20241010-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral14

Sample

51ae5a5c1253ce8fbc9483a1e412a144a27ec6d1dc0b6c8832a36475b8912616.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral15

Sample

51bce03659ae9fd8336540fcecb2bb401b5967b00829fe23554c29dc96ff9462.exe

Resource

win7-20241010-en

quasar office04 spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral16

Sample

51bce03659ae9fd8336540fcecb2bb401b5967b00829fe23554c29dc96ff9462.exe

Resource

win10v2004-20250313-en

quasar office04 spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral17

Sample

521cf0805a2515e0ccfc307f4b045897.exe

Resource

win7-20240729-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral18

Sample

521cf0805a2515e0ccfc307f4b045897.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral19

Sample

5250379192c5ba7c3145ad8bdf7939f44ab827de4db56a950a964fee01ea72f1.exe

Resource

win7-20241023-en

dcrat execution infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral20

Sample

5250379192c5ba7c3145ad8bdf7939f44ab827de4db56a950a964fee01ea72f1.exe

Resource

win10v2004-20250314-en

dcrat execution infostealer rat

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral21

Sample

5271d48de9aafb06b6371ef7035e993215063cc57fa7253ff06ef6a277da772e.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral22

Sample

5271d48de9aafb06b6371ef7035e993215063cc57fa7253ff06ef6a277da772e.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

52af6589107938cd3e3225f3a91e05b8.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

52af6589107938cd3e3225f3a91e05b8.exe

Resource

win10v2004-20250313-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

52ef63d7213d2cdef68a755faf5b44bd93e1eb92fb0701b37704d243c6d4861f.exe

Resource

win7-20241010-en

xworm discovery execution persistence rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral26

Sample

52ef63d7213d2cdef68a755faf5b44bd93e1eb92fb0701b37704d243c6d4861f.exe

Resource

win10v2004-20250314-en

xworm discovery persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral27

Sample

53008e68ab00657702ebd582ff8dd1164b9809330083711a0409ed9dbdc50a9e.exe

Resource

win7-20240729-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral28

Sample

53008e68ab00657702ebd582ff8dd1164b9809330083711a0409ed9dbdc50a9e.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral29

Sample

535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

5370f14c685c1c1c6c9a206afc4657f2e57ca67a68580cf6291797f143e6963e.exe

Resource

win7-20240903-en

njrat hacked discovery trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral32

Sample

5370f14c685c1c1c6c9a206afc4657f2e57ca67a68580cf6291797f143e6963e.exe

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

10 signatures

150 seconds

Report Analysis Logs

General

Target

535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe
Size

14.8MB
MD5

3f58a3e07aa254de3aabfd1dbcc678af
SHA1

b05dd01d72396328a42cdab7d988bc50594ec406
SHA256

535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0
SHA512

d93bf8a550cd2b1e497baf2d63dc00ba1b239b03a5e6c6bf9289b468107ac6cab9637c3d526dd6b156455a2ddb431fb3231c468bb9d03db83adb74c971279354
SSDEEP

393216:D/wgbPQQp7Nrb+exM5xyCBlmjKE4HisGTH897sBK:D/5B7NrvIx7lNkA

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	924	535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe

Processes

C:\Users\Admin\AppData\Local\Temp\535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe
"C:\Users\Admin\AppData\Local\Temp\535aeca70c4f3e3aedbcef76f5870ddd86af9459a907dd3012e3f4e9c8c6dba0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/924-0-0x00007FFFDCA83000-0x00007FFFDCA85000-memory.dmp

Filesize
8KB

Download
memory/924-1-0x0000000000600000-0x00000000014D2000-memory.dmp

Filesize
14.8MB

Download
memory/924-2-0x00007FFFDCA80000-0x00007FFFDD541000-memory.dmp

Filesize
10.8MB

Download
memory/924-3-0x00007FFFDCA80000-0x00007FFFDD541000-memory.dmp

Filesize
10.8MB

Download