Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
272s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
12/09/2022, 15:26
General
-
Target
56db3f2732926357632cd95d020dd6abbdee2f40596deafd9c9ce849cc5cf86c.exe
-
Size
2.4MB
-
MD5
a0b623e5db90e7b7f91a350fcbfd661b
-
SHA1
12e71a986e8f65a19c7e7a99da8c049c70f533b5
-
SHA256
56db3f2732926357632cd95d020dd6abbdee2f40596deafd9c9ce849cc5cf86c
-
SHA512
c75234cea7a872c7314a895d17ce6ff1a20f28f76631f21ca6f4e9fc8baf39287fe1d6bc0bf0b4005ca25c4816cebb4e91146d074e24308b702e45e78c2c00ca
-
SSDEEP
49152:7Rozi307t/SoJvnGjQUlJrQu6Kci17kejlkH1og/61H99GoBKxCdMr0B0IaV2aLh:7RoziE7JnGkUTrQfipjlkuH1HbGVxCdI
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56db3f2732926357632cd95d020dd6abbdee2f40596deafd9c9ce849cc5cf86c.exe"C:\Users\Admin\AppData\Local\Temp\56db3f2732926357632cd95d020dd6abbdee2f40596deafd9c9ce849cc5cf86c.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
556KB
-
Filesize
8.5MB
-
Filesize
8.5MB
-
Filesize
8.9MB
-
Filesize
556KB
-
Filesize
408KB
-
Filesize
8.5MB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
8.9MB