Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1s -
max time network
5s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
30/09/2022, 01:07
Static task
static1
Behavioral task
behavioral1
Sample
Ambrosial.exe
Resource
win10v2004-20220812-en
General
-
Target
Ambrosial.exe
-
Size
15.9MB
-
MD5
596b0f4684d45de83c204967c06e48a3
-
SHA1
933dc2dc29a17a9447c944289fed4f98e0eb5e5f
-
SHA256
6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a
-
SHA512
8f50098d120d32a84347a8337dee27061a6914d66b951f930d491a81a9804317318f25f80467684fd4fecea6bccc6de38b2df3ee2742a54805f2cdb4413d3830
-
SSDEEP
196608:64WxsIO2gfRMhSE8/Erd8QP+ih91qBpodTAIRq+2vBt:64WuIO2gfRMYbcr6QP391qBafC
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\Windows\Fonts\OpenSansLight.ttf Ambrosial.exe File created C:\Windows\Fonts\Azonix.otf Ambrosial.exe File opened for modification C:\Windows\Fonts\Azonix.otf Ambrosial.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3196 Ambrosial.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
49KB
MD5a92d3779d002b23db954e6c0acd93af0
SHA1fcd62290345c584187a8abf84e49452b5562a8b6
SHA256d4ba233491868d656aa88215ba5f49439f49f0b571cbf0bf917fa6eaf93181b5
SHA51296d61511bdf228c8187c5ba0f0a3571caa082f2b83cac339a7c9584782f648ebac151f79c11046ef728d9c6533f95ae879be5ff9b155b527bee2d502917d104b