Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Task
task1
Task
task2
General
-
Target
Exes_0679ff8965a354cbe614a19cb8d2844b.exe
-
Sample
190801-ap6p9lwmre
-
SHA256
c27b2d312a9e203b0fca4df49aa1d9ef1c974764f6d46eaa85fba3616e61414a
Score
N/A
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 TTPs 1 IoCs
description Token: SeDebugPrivilege -
Modifies Winlogon for persistence 2 TTPs 1 IoCs
description \REGISTRY\USER\S-1-5-21-1548117458-596549244-604853198-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "\"C:\\Users\\Admin\\AppData\\Roaming\\EwmxaE49afjah0c4\\xmK5b0iZDrrX.exe\",explorer.exe" -
Suspicious use of WriteProcessMemory 1 TTPs 2 IoCs
description pid PID 820 wrote to memory of 1192 1192 PID 820 wrote to memory of 952 952 -
Suspicious behavior: EnumeratesProcesses
-
Suspicious use of SetThreadContext 1 IoCs
description pid PID 820 set thread context of 952 952