5307ce2390d7c4bfba56c3f519dfcf29d7a5e1752150847c43b6d94d5a9e0ffb

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

90ed1454b8...38.exe

windows7-x64

90ed1454b8...38.exe

windows10-2004-x64

91570920da...cf.exe

windows7-x64

91570920da...cf.exe

windows10-2004-x64

915c452bf2...b6.exe

windows7-x64

915c452bf2...b6.exe

windows10-2004-x64

916cd92d3a...38.exe

windows7-x64

916cd92d3a...38.exe

windows10-2004-x64

916fbe67a7...e3.exe

windows7-x64

916fbe67a7...e3.exe

windows10-2004-x64

91cce1a9f4...6a.exe

windows7-x64

91cce1a9f4...6a.exe

windows10-2004-x64

91d2e3f758...f6.exe

windows7-x64

91d2e3f758...f6.exe

windows10-2004-x64

91d7fa8d89...52.exe

windows7-x64

91d7fa8d89...52.exe

windows10-2004-x64

91e6d47bd8...cc.exe

windows7-x64

91e6d47bd8...cc.exe

windows10-2004-x64

92105c7a3b...24.exe

windows7-x64

92105c7a3b...24.exe

windows10-2004-x64

921421b7f5...09.exe

windows7-x64

921421b7f5...09.exe

windows10-2004-x64

9221b9eea3...3c.exe

windows7-x64

9221b9eea3...3c.exe

windows10-2004-x64

92324d5776...05.exe

windows7-x64

92324d5776...05.exe

windows10-2004-x64

927cd0bd1a...b8.exe

windows7-x64

927cd0bd1a...b8.exe

windows10-2004-x64

92efd55895...78.exe

windows7-x64

92efd55895...78.exe

windows10-2004-x64

932a9096cd...eb.exe

windows7-x64

932a9096cd...eb.exe

windows10-2004-x64

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:14

Sharing

Copy URL

Twitter E-mail

Static task

static1

9 signatures

Behavioral task

behavioral1

Sample

90ed1454b881cba4ecd9b651325d4638.exe

Resource

win7-20241010-en

metamorpherrat discovery persistence rat stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

90ed1454b881cba4ecd9b651325d4638.exe

Resource

win10v2004-20250314-en

metamorpherrat discovery persistence rat stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

91570920daa6ee3c5d03da7664cb620ac5be5038ac64a295811ed8349b5d3dcf.exe

Resource

win7-20240903-en

imminent discovery persistence spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

91570920daa6ee3c5d03da7664cb620ac5be5038ac64a295811ed8349b5d3dcf.exe

Resource

win10v2004-20250314-en

discovery persistence

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

915c452bf258459048ef8813fe2586a7b3c85ae7438fcd9bfa6da3a4017a08b6.exe

Resource

win7-20241010-en

dcrat infostealer rat

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

915c452bf258459048ef8813fe2586a7b3c85ae7438fcd9bfa6da3a4017a08b6.exe

Resource

win10v2004-20250314-en

dcrat infostealer rat

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

916cd92d3ac28dded1335ac06764e138.exe

Resource

win7-20240903-en

xworm execution persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral8

Sample

916cd92d3ac28dded1335ac06764e138.exe

Resource

win10v2004-20250314-en

xworm execution persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral9

Sample

916fbe67a7968d2b65d54ae3ce72f3e3.exe

Resource

win7-20240903-en

metamorpherrat discovery persistence rat stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral10

Sample

916fbe67a7968d2b65d54ae3ce72f3e3.exe

Resource

win10v2004-20250314-en

metamorpherrat discovery persistence rat stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral11

Sample

91cce1a9f4562b0cd73d60203cebb76a.exe

Resource

win7-20241023-en

asyncrat default rat

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral12

Sample

91cce1a9f4562b0cd73d60203cebb76a.exe

Resource

win10v2004-20250314-en

asyncrat default rat

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

91d2e3f758fbb2c6c8e7b069bd3ac7a4d68e4f9dea0e71ff60bdbcd2ac9dd4f6.exe

Resource

win7-20241023-en

defense_evasion execution trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral14

Sample

91d2e3f758fbb2c6c8e7b069bd3ac7a4d68e4f9dea0e71ff60bdbcd2ac9dd4f6.exe

Resource

win10v2004-20250314-en

defense_evasion execution trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral15

Sample

91d7fa8d891f603b35c77da7fcc4c552.exe

Resource

win7-20241010-en

dcrat defense_evasion execution infostealer persistence rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral16

Sample

91d7fa8d891f603b35c77da7fcc4c552.exe

Resource

win10v2004-20250314-en

dcrat defense_evasion execution infostealer persistence rat trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral17

Sample

91e6d47bd804e58a4e160993dfdfc3cc.exe

Resource

win7-20240729-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral18

Sample

91e6d47bd804e58a4e160993dfdfc3cc.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

92105c7a3b72655063939b49b38e6567d6703ed95f694cab2247bd9832706524.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral20

Sample

92105c7a3b72655063939b49b38e6567d6703ed95f694cab2247bd9832706524.exe

Resource

win10v2004-20250314-en

discovery persistence

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral21

Sample

921421b7f5be88eb661517835c090cd8a2fdcdfc69154d129c70ffa36da54809.exe

Resource

win7-20240729-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral22

Sample

921421b7f5be88eb661517835c090cd8a2fdcdfc69154d129c70ffa36da54809.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral23

Sample

9221b9eea367a2434dacd850f7b30b3c.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

9221b9eea367a2434dacd850f7b30b3c.exe

Resource

win10v2004-20250314-en

limerat rat

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

92324d5776518f262a2ce8bfd8c6856500a9c454b9a8b688810f604111532e05.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

92324d5776518f262a2ce8bfd8c6856500a9c454b9a8b688810f604111532e05.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

927cd0bd1a26a2158a18e48e682ba3b8.exe

Resource

win7-20241010-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

927cd0bd1a26a2158a18e48e682ba3b8.exe

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral29

Sample

92efd55895cd60b5057f3fb06ad84c78.exe

Resource

win7-20250207-en

dcrat execution infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral30

Sample

92efd55895cd60b5057f3fb06ad84c78.exe

Resource

win10v2004-20250314-en

dcrat execution infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral31

Sample

932a9096cd16630970f2bdc5e6cb9aeb.exe

Resource

win7-20240903-en

dcrat defense_evasion execution infostealer rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral32

Sample

932a9096cd16630970f2bdc5e6cb9aeb.exe

Resource

win10v2004-20250314-en

dcrat defense_evasion execution infostealer rat trojan

windows10-2004-x64

19 signatures

150 seconds

Report Analysis Logs

General

Target

9221b9eea367a2434dacd850f7b30b3c.exe
Size

44KB
MD5

9221b9eea367a2434dacd850f7b30b3c
SHA1

27e3744c79b246b4fe2cf9c360bc47673c069603
SHA256

753d2498922e1be3c44270f548307720c6b645a74a8c40a801ce789493cd8684
SHA512

628295449f91fbd4eb478336f16eb5d999899ef1709b67d71873c8d95f35e2dfa088d04050786e80a7d65c4d644f91986deecaa516ff43d5b7e067073c196974
SSDEEP

768:dX1g7W5yeUxFjFUCRvTUQBj0FbC1+wA0NChqaw5:dXKWo9xFpUIwFbq5A0Q3w5

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	768	9221b9eea367a2434dacd850f7b30b3c.exe
Token: SeIncBasePriorityPrivilege	768	9221b9eea367a2434dacd850f7b30b3c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9221b9eea367a2434dacd850f7b30b3c.exe
"C:\Users\Admin\AppData\Local\Temp\9221b9eea367a2434dacd850f7b30b3c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/768-0-0x000007FEF5DA3000-0x000007FEF5DA4000-memory.dmp

Filesize
4KB

Download
memory/768-1-0x00000000010D0000-0x00000000010E2000-memory.dmp

Filesize
72KB

Download