Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
161s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
27/11/2022, 16:38
Static task
static1
Behavioral task
behavioral1
Sample
179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe
Resource
win10v2004-20220812-en
General
-
Target
179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe
-
Size
551KB
-
MD5
b82c97dfad269ef67ee3a5584e2c078e
-
SHA1
fc9d381c2bcff5a8fbcffe787853574c7eac1913
-
SHA256
179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac
-
SHA512
717d731c1702bcea3c2c56bdcbfbf90e75ddd036f981eb9b6388f0bdec104374ccce754a56d432aa8fa33711bb04b5433cce5c1303ff75659a7c918600aa520a
-
SSDEEP
12288:ORU3yGnKsPPd6cWbCFZczr6Tw/9XPhBOf/z+4osa08CGJh0tBbE:ORmy3sd6TmFeCTwFZr48L0vb
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Default Key = "C:\\Users\\Admin\\AppData\\Roaming\\Default Folder\\Default File.exe" 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Default Key = "\\Default Folder\\Default File.exe" 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File created C:\Windows\assembly\Desktop.ini 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe File opened for modification C:\Windows\assembly\Desktop.ini 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\Windows\assembly\Desktop.ini 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe File opened for modification C:\Windows\assembly\Desktop.ini 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe File opened for modification C:\Windows\assembly 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 428 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 428 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 428 179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe"C:\Users\Admin\AppData\Local\Temp\179fbc53f6ab40e3321fbf6159bdd60ab10ddb5ac0f1ba19cd90bfe6c0767bac.exe"1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:428