Analysis
max time kernel: 90s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/10/2022, 13:59
Static task: static1
Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20220901-en
1 signature, 150 seconds
Behavioral task: behavioral2
Sample: 1.exe
Resource: win10v2004-20220901-en
1 signature, 150 seconds
General
Target: 1.exe
Size: 9.2MB
MD5: ba897c928268b082818c52bbaf5a169f
SHA1: 26ee9ba5a3ca92a73f7b7fe028194f2aee64273e
SHA256: 09881aa21170e26c7f7b6c44c7146bacdf5aed2571528c095451ab71d4f7ba6d
SHA512: c76c0d24171da8c8396d9bcb12b136a429d53e8103271e7a1d6b3e76a9e1265bed25784b999446135df476019c17119f233b42d9be75e23be567f9abae044142
SSDEEP: 196608:dYF5itoeDblXVyd2vT0GSvwxubn4HVlM:+moG1VyG4qx+nIlM
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (24 IoCs)
description                              pid  Process
Token: SeIncreaseQuotaPrivilege          816  1.exe
Token: SeSecurityPrivilege               816  1.exe
Token: SeTakeOwnershipPrivilege          816  1.exe
Token: SeLoadDriverPrivilege             816  1.exe
Token: SeSystemProfilePrivilege          816  1.exe
Token: SeSystemtimePrivilege             816  1.exe
Token: SeProfSingleProcessPrivilege      816  1.exe
Token: SeIncBasePriorityPrivilege        816  1.exe
Token: SeCreatePagefilePrivilege         816  1.exe
Token: SeBackupPrivilege                 816  1.exe
Token: SeRestorePrivilege                816  1.exe
Token: SeShutdownPrivilege               816  1.exe
Token: SeDebugPrivilege                  816  1.exe
Token: SeSystemEnvironmentPrivilege      816  1.exe
Token: SeChangeNotifyPrivilege           816  1.exe
Token: SeRemoteShutdownPrivilege         816  1.exe
Token: SeUndockPrivilege                 816  1.exe
Token: SeManageVolumePrivilege           816  1.exe
Token: SeImpersonatePrivilege            816  1.exe
Token: SeCreateGlobalPrivilege           816  1.exe
Token: 33                                816  1.exe
Token: 34                                816  1.exe
Token: 35                                816  1.exe
Token: 36                                816  1.exe
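The single signature above is the whole behavioural story of this run: one process (pid 816) enables every privilege present in its token, including four that the sandbox reports only by their raw LUID value (33 to 36). An analyst reading many such reports wants that list turned into a per-process summary that resolves the unnamed LUIDs, pulls out the privileges that actually matter (SeDebugPrivilege, SeLoadDriverPrivilege, backup/restore, impersonation) and flags the "enable everything" pattern, which is as typical of installers and packers as of malware and is the reason this sample still scores 1/10. The following is an added triage helper written for this page, not Triage's own code. The IoC text is copied from the report above; the LUID-to-name table is the standard winnt.h privilege numbering (SE_INC_WORKING_SET_PRIVILEGE = 33, SE_TIME_ZONE_PRIVILEGE = 34, SE_CREATE_SYMBOLIC_LINK_PRIVILEGE = 35, SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE = 36); the threshold of 20 distinct privileges as a proxy for "a full elevated administrator token" is the author's heuristic, not a Triage rule.

```python
import re
from collections import defaultdict

# Copied from the "Suspicious use of AdjustPrivilegeToken" IoC list in this report.
REPORT_IOCS = (
    "description pid Process "
    "Token: SeIncreaseQuotaPrivilege 816 1.exe Token: SeSecurityPrivilege 816 1.exe "
    "Token: SeTakeOwnershipPrivilege 816 1.exe Token: SeLoadDriverPrivilege 816 1.exe "
    "Token: SeSystemProfilePrivilege 816 1.exe Token: SeSystemtimePrivilege 816 1.exe "
    "Token: SeProfSingleProcessPrivilege 816 1.exe Token: SeIncBasePriorityPrivilege 816 1.exe "
    "Token: SeCreatePagefilePrivilege 816 1.exe Token: SeBackupPrivilege 816 1.exe "
    "Token: SeRestorePrivilege 816 1.exe Token: SeShutdownPrivilege 816 1.exe "
    "Token: SeDebugPrivilege 816 1.exe Token: SeSystemEnvironmentPrivilege 816 1.exe "
    "Token: SeChangeNotifyPrivilege 816 1.exe Token: SeRemoteShutdownPrivilege 816 1.exe "
    "Token: SeUndockPrivilege 816 1.exe Token: SeManageVolumePrivilege 816 1.exe "
    "Token: SeImpersonatePrivilege 816 1.exe Token: SeCreateGlobalPrivilege 816 1.exe "
    "Token: 33 816 1.exe Token: 34 816 1.exe Token: 35 816 1.exe Token: 36 816 1.exe"
)

# Privileges the sandbox reports by bare LUID LowPart value. Names follow the
# well-known SE_*_PRIVILEGE constants in winnt.h; extend this table as needed.
LUID_NAMES = {
    "33": "SeIncreaseWorkingSetPrivilege",
    "34": "SeTimeZonePrivilege",
    "35": "SeCreateSymbolicLinkPrivilege",
    "36": "SeDelegateSessionUserImpersonatePrivilege",
}

# Privileges whose enablement is worth an analyst's attention on its own.
HIGH_VALUE = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
    "SeImpersonatePrivilege",
}

# Author's heuristic (not a Triage rule): an elevated administrator token on a
# current Windows 10 build carries roughly two dozen privileges, so enabling 20
# or more distinct ones means "enable everything the token has", not a targeted
# request for one capability.
ENABLE_ALL_THRESHOLD = 20

# One IoC row: "Token: <name-or-luid> <pid> <process>"
IOC_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")


def parse_iocs(text):
    """Return (privilege_name, pid, process) tuples, resolving raw LUIDs to names."""
    return [
        (LUID_NAMES.get(name, name), int(pid), proc)
        for name, pid, proc in IOC_RE.findall(text)
    ]


def summarize(iocs):
    """Per (pid, process): distinct privilege count, high-value privileges present,
    and whether the row set matches the enable-everything pattern."""
    by_proc = defaultdict(set)
    for name, pid, proc in iocs:
        by_proc[(pid, proc)].add(name)
    return {
        key: {
            "count": len(privs),
            "high_value": sorted(privs & HIGH_VALUE),
            "enable_all_pattern": len(privs) >= ENABLE_ALL_THRESHOLD,
        }
        for key, privs in by_proc.items()
    }


if __name__ == "__main__":
    for (pid, proc), info in summarize(parse_iocs(REPORT_IOCS)).items():
        print(f"{proc} (pid {pid}): {info['count']} privileges enabled, "
              f"high-value={info['high_value']}, "
              f"enable-all={info['enable_all_pattern']}")
```

On this report the helper resolves the four numeric entries, finds SeDebugPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeTakeOwnershipPrivilege and SeImpersonatePrivilege among the 24, and marks the process as enable-everything. That combination by itself does not separate a benign installer from a loader; it tells you to look at what pid 816 did next (driver loads, cross-process handles, file ownership changes), which this run does not show.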