Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
04/10/2022, 04:31
Static task
static1
Behavioral task
behavioral1
Sample
69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe
Resource
win10v2004-20220901-en
General
-
Target
69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe
-
Size
16KB
-
MD5
5b617cd8964401255c535fd10da0ee40
-
SHA1
74dcbc88a91c55d5be958fc8a0e9e1a38a94c447
-
SHA256
69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45
-
SHA512
e15d6b856670014844d859a1bb5c55adf1daa009e8fa8067c4178ee2a8acb5f973699cc5acb146e4428c78d4fcb5c0764e689844535c27e99a3b011110790cff
-
SSDEEP
192:J20NGKTcvITm++JD+7fZQHCZBAlVW52DKhctfdwFP1oynR7:frOwxB+VteTx1n
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\WINDOWS\SysWOW64\j 69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\ushata.dll 69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1352 69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1352 69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe"C:\Users\Admin\AppData\Local\Temp\69643a82b92ba23475e6de7d42165a54d40ac6100a661513a6d6b940c2748c45.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1352
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵PID:1112