Analysis

  • max time kernel
    151s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/12/2022, 17:18

General

  • Target

    946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe

  • Size

    228KB

  • MD5

    c3fbcf793d296649266d03d5e4c7e3f2

  • SHA1

    5537cde4a6bc4b0c26f3c45becb604d3e41de73e

  • SHA256

    946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15

  • SHA512

    e6d7b125479e5440862f4ea999d6e977fbab6982c241f5fc5747fb186a6321065e48804600dbb5c3848518fcd72cc2e59a00b844604e4e6e249610e2c4b9171a

  • SSDEEP

    3072:me6SHjZSAf0BxqoY+XOKGTqp5dZ4T2dlJkT1Ddj4/j8oHxSj:AEjg0uzCKGGNZ4TEMhZw8sSj

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe
    "C:\Users\Admin\AppData\Local\Temp\946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:756

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/756-132-0x0000000074BF0000-0x00000000751A1000-memory.dmp

    Filesize

    5.7MB