Analysis
- max time kernel: 151s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 30/10/2022, 14:46
Behavioral task: behavioral1
- Sample: 24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
- Resource: win7-20220812-en
- 7 signatures
- 150 seconds
General
- Target: 24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
- Size: 743KB
- MD5: 938c2d1fc83e69a6fb33fbfd5dca3ea1
- SHA1: 82c6740dfbe5e05595ad659b6fb8efd36f46e480
- SHA256: 24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e
- SHA512: ab2a49fd2459ab3598693d4c004e9d3194db636689da4f83ae9edaf78a16a5957bed516f98e0cc2123e9d2a04dac91608a07a0c071af2b93711a386646370523
- SSDEEP: 12288:p8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORix:iUKoN0bUxgGa/pfBHDb+y1HgZ
Malware Config
Signatures
-
Windows security bypass 2 IoCs
description    ioc    Process
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"    iexplore.exe
-
Windows security modification 1 IoCs
description    ioc    Process
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
-
Suspicious use of SetThreadContext 1 IoCs
description    pid    Process    procid_target
PID 1388 set thread context of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
description    pid    Process
Token: SeIncreaseQuotaPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeSecurityPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeTakeOwnershipPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeLoadDriverPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeSystemProfilePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeSystemtimePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeProfSingleProcessPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeIncBasePriorityPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeCreatePagefilePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeBackupPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeRestorePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeShutdownPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeDebugPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeSystemEnvironmentPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeChangeNotifyPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeRemoteShutdownPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeUndockPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeManageVolumePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeImpersonatePrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeCreateGlobalPrivilege    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: 33    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: 34    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: 35    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
Token: SeIncreaseQuotaPrivilege    1472    iexplore.exe
Token: SeSecurityPrivilege    1472    iexplore.exe
Token: SeTakeOwnershipPrivilege    1472    iexplore.exe
Token: SeLoadDriverPrivilege    1472    iexplore.exe
Token: SeSystemProfilePrivilege    1472    iexplore.exe
Token: SeSystemtimePrivilege    1472    iexplore.exe
Token: SeProfSingleProcessPrivilege    1472    iexplore.exe
Token: SeIncBasePriorityPrivilege    1472    iexplore.exe
Token: SeCreatePagefilePrivilege    1472    iexplore.exe
Token: SeBackupPrivilege    1472    iexplore.exe
Token: SeRestorePrivilege    1472    iexplore.exe
Token: SeShutdownPrivilege    1472    iexplore.exe
Token: SeDebugPrivilege    1472    iexplore.exe
Token: SeSystemEnvironmentPrivilege    1472    iexplore.exe
Token: SeChangeNotifyPrivilege    1472    iexplore.exe
Token: SeRemoteShutdownPrivilege    1472    iexplore.exe
Token: SeUndockPrivilege    1472    iexplore.exe
Token: SeManageVolumePrivilege    1472    iexplore.exe
Token: SeImpersonatePrivilege    1472    iexplore.exe
Token: SeCreateGlobalPrivilege    1472    iexplore.exe
Token: 33    1472    iexplore.exe
Token: 34    1472    iexplore.exe
Token: 35    1472    iexplore.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid    Process
1472    iexplore.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
description    pid    Process    procid_target
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
PID 1388 wrote to memory of 1472    1388    24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe    26
Processes
- C:\Users\Admin\AppData\Local\Temp\24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\24a221f7354fc10d013a80ec9bfccac9722d03b64f0bfdab06f20abab2ec301e.exe"
  Tree level: 1
  - Windows security bypass
  - Windows security modification
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 1388
  - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    Tree level: 2 (child of PID 1388)
    - Windows security bypass
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID: 1472