Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
05/12/2022, 17:18
Static task
static1
Behavioral task
behavioral1
Sample
946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe
Resource
win10v2004-20221111-en
General
-
Target
946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe
-
Size
228KB
-
MD5
c3fbcf793d296649266d03d5e4c7e3f2
-
SHA1
5537cde4a6bc4b0c26f3c45becb604d3e41de73e
-
SHA256
946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15
-
SHA512
e6d7b125479e5440862f4ea999d6e977fbab6982c241f5fc5747fb186a6321065e48804600dbb5c3848518fcd72cc2e59a00b844604e4e6e249610e2c4b9171a
-
SSDEEP
3072:me6SHjZSAf0BxqoY+XOKGTqp5dZ4T2dlJkT1Ddj4/j8oHxSj:AEjg0uzCKGGNZ4TEMhZw8sSj
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe = "C:\\Program Files\\Startup App\\" 946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 756 946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 756 946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 756 946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe"C:\Users\Admin\AppData\Local\Temp\946e32491f8b03bfc4dd2d61448cc65943e56baa8758ee712d4adc9a2c37ab15.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:756