Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 17:42
Static task
static1
Behavioral task
behavioral1
Sample
ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe
Resource
win10v2004-20221111-en
General
-
Target
ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe
-
Size
191KB
-
MD5
cedeee26c160d6690c934cff2323f04f
-
SHA1
b504130e30e10e9473cc6d46294a4626e641b05d
-
SHA256
ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a
-
SHA512
8d1a4fa8316c94e243443d1db7689e12fc17c219c99252e5062872fb72d99f3f59102aa60b838dd5861bebc9aff069e37b040595ef2d3c616af01e50508cdaa5
-
SSDEEP
3072:BNX7OAVn2wczSwmg08SwsCWnKQ2E2On8wXdVxjH:BNqA8pzRmg08SwsCdQkbwX
Malware Config
Signatures
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 94.242.250.64 -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 5092 ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe 5092 ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 5092 ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe Token: SeDebugPrivilege 5092 ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe"C:\Users\Admin\AppData\Local\Temp\ca52d71157eb727bd83428292aae4be86ea5f0d30ef4965baae220437659666a.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5092