Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 144s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/11/2022, 18:59
Static task
static1
Behavioral task
behavioral1
Sample
fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
Resource
win10v2004-20220812-en
General
Target: fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
Size: 636KB
MD5: 167bcd90091d91453134a4828f849d90
SHA1: 81a239636ee0a3d5aa65c0bbc273dbe731bc72b8
SHA256: fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164
SHA512: 8242db6779614440b4e3ad59c8cecdc12da2a4c0e4a6ecf08ec0f32b97c855e00775f89810d0885346b46fe35263f6b209aaa6451a8f0b43880e91d598371ecb
SSDEEP: 12288:EFd0/lHor83o/cmPx93kJNiRUQbgLOxWoLRN1lQfxMesF19:kdO7l0fw9LALRN1lGIf
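Before a sample from a report like this one is detonated or shared, it is worth confirming that the local copy really is the file the report describes. The following script is an added example, not part of the Triage report: it recomputes MD5, SHA1, SHA256 and SHA512 for a local file and compares them with the values listed above, checks that the listed digests are well-formed hex (a truncated paste is a common reason for a false mismatch), and checks the report's convention of naming the sample after its SHA256. The function names and the `abc` input used for self-checking are assumptions; SSDEEP is not recomputed because it needs a third-party library.

```python
"""Verify a local sample against the hashes listed in a Triage report (added example)."""
import hashlib
import sys
from pathlib import Path

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "167bcd90091d91453134a4828f849d90",
    "sha1": "81a239636ee0a3d5aa65c0bbc273dbe731bc72b8",
    "sha256": "fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164",
    "sha512": "8242db6779614440b4e3ad59c8cecdc12da2a4c0e4a6ecf08ec0f32b97c855e0"
              "0775f89810d0885346b46fe35263f6b209aaa6451a8f0b43880e91d598371ecb",
}
# Sample file name as listed in the report (Triage names samples by SHA256).
REPORTED_NAME = "fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe"

# Expected hex-digest length for each algorithm.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(hashes: dict) -> bool:
    """True if every digest is lowercase hex of the right length for its algorithm."""
    return all(
        len(value) == HEX_LENGTHS[name] and all(c in "0123456789abcdef" for c in value)
        for name, value in hashes.items()
    )


def digest_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests of a file in one streaming pass (large samples stay off the heap)."""
    hashers = {name: hashlib.new(name) for name in HEX_LENGTHS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags; a missing actual digest counts as a mismatch."""
    return {name: actual.get(name, "").lower() == expected[name].lower() for name in expected}


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """Check the report's naming convention: file stem equals the SHA256 digest."""
    return Path(filename).stem.lower() == sha256.lower()


def verify_sample(path, expected: dict = REPORTED_HASHES):
    """Return (all_match, per_algorithm_flags) for a local file against the reported digests."""
    results = compare(digest_file(path), expected)
    return all(results.values()), results


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-local-copy>   (script name is an assumption)
    if not well_formed(REPORTED_HASHES):
        sys.exit("reported digests are not well-formed hex; check the copy/paste")
    ok, flags = verify_sample(sys.argv[1])
    for name, matched in flags.items():
        print(f"{name:7s} {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

A mismatch on every algorithm usually means a different file (a repacked or re-signed copy); a mismatch on only one algorithm almost always means a transcription error in the expected value, which is what `well_formed` is meant to catch first.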
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                         pid   Process
  Token: 33                           4088  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   4088  AUDIODG.EXE
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  4692  fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
  4692  fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
  4692  fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fd146fac8e9a18f78e828bbd06731e91353f45c1a0092a9545160879e2682164.exe"
  PID: 4692
  Signatures: Suspicious use of SetWindowsHookEx
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4ec 0x500
  PID: 4088
  Signatures: Suspicious use of AdjustPrivilegeToken
  Note: AUDIODG.EXE (Windows Audio Device Graph Isolation) appears here as a separate top-level process, not as a child of the sample; the report records no parent/child relationship between the two.