Analysis
- max time kernel: 254s
- max time network: 257s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 16/12/2022, 12:38
Static task: static1
Behavioral task: behavioral1
- Sample: BraveBrowserSetup.exe
- Resource: win7-20221111-en
- 5 signatures
- 300 seconds
General
- Target: BraveBrowserSetup.exe
- Size: 309.1MB
- MD5: 931195d97525e56b81273de435a1b23a
- SHA1: a7b1888845db32aceb0c0d8a98a448e94ac95d0a
- SHA256: bd06228669802c5ee2f00c900dd17efd1763780b17f05346d5ddcf6ead24297b
- SHA512: c53b492d548f9cbd1f35aff646fe5344b141bf226aa78eb39c05914ff2704fd4cd9c5ed336967354b3311db487f60271374783ef6d485187ea714cd506912792
- SSDEEP: 24576:jgo+DDRIgvlC+pKc8zDkfxUXtWjPMBzuxK2:M5DDRISrxUcjPMBzuxv
- Score: 5/10
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
    description                           pid   Process                procid_target
    PID 1216 set thread context of 268    1216  BraveBrowserSetup.exe  30
- Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
    pid   Process
    560   powershell.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description               pid   Process
    Token: SeDebugPrivilege   1216  BraveBrowserSetup.exe
    Token: SeDebugPrivilege   560   powershell.exe
- Suspicious use of WriteProcessMemory (17 IoCs)
    description                           pid   Process                procid_target   entries
    PID 1216 wrote to memory of 560       1216  BraveBrowserSetup.exe  28              4 (identical rows)
    PID 1216 wrote to memory of 268       1216  BraveBrowserSetup.exe  30              13 (identical rows)
Processes
- C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe (PID: 1216)
    Command line: "C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe"
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    - Child: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (PID: 560)
        Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
        (the -ENC argument is base64 of the UTF-16LE string "start-sleep -seconds 20")
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
    - Child: C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe (PID: 268)
        Command line: C:\Users\Admin\AppData\Local\Temp\BraveBrowserSetup.exe