Analysis
- max time kernel: 68s
- max time network: 104s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 04/12/2022, 11:12
Static task
- static1

Behavioral task
- behavioral1
  Sample: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
  Resource: win7-20221111-en

Behavioral task
- behavioral2
  Sample: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
  Resource: win10v2004-20221111-en
Errors
General
- Target: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
- Size: 92KB
- MD5: 917ae3434b5cfd9cfd67ba759fb166ac
- SHA1: 85311a2052b4d077661fd9cd483da22385f3e001
- SHA256: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c
- SHA512: 0b8467e8a446654055b33f5913b3ed3cd864910cd6091d18e8d67c9b25275294644d5fe1557340ac2b72af6bbd30f394a7fdf39fc6ff0b0fc7b52b725f30afe4
- SSDEEP: 1536:g5KM9ephBbT0ctgD6Yw9aP+Ky43waZ4cZ7Fv0C0W9cAlqeTCQ1ioSJlIU:gMM9ejBbYct6Fw9Q+Z1iz96C0WGEqe/6
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in System32 directory (1 IoCs)
  description: File created
  ioc: C:\Windows\SysWOW64\juripnk.dll
  Process: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeShutdownPrivilege
  pid: 848
  Process: e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e0d4e599af3f932f1d753378213fe572052e761cc435105f8d1d188b2be5e23c.exe"
  PID: 848
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x0
  PID: 1256
- C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x1
  PID: 1500