Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 31s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 06/03/2023, 19:26
Static task: static1

Behavioral task: behavioral1
- Sample: changePassword.exe
- Resource: win7-20230220-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: changePassword.exe
- Resource: win10v2004-20230220-en
- 2 signatures
- 150 seconds
General
- Target: changePassword.exe
- Size: 2.6MB
- MD5: 487edea28433a33c3c45b4ebb0dc1b3d
- SHA1: afa9d31e633421ff41f5f565e5c98cf8efb44b52
- SHA256: cbdfac8826b8d6eb2c5f01fd617d72a62c63fd4458f10cdd8ce5b16db530dfe7
- SHA512: a29b5173e2780957e7cd88259521e67d944203dd56197cba0822f909c1efc81224a36fd9ee29549d3cd41afe2e9a0ab0c05cf086e3be57bb5fa4fefa9a020499
- SSDEEP: 49152:JYXxGSuLrb/TgvO90dL3BmAFd4A64nsfJhM4UtCmgO3HWAXyD1gR4fVdUB9HCp7b:CX1Gk2WrX4k2q+gYNk
- Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (40 IoCs)

  The report lists the following 20 token privileges twice each, all for PID 908 (WMIC.exe), giving 40 IoCs in total:

  | description | pid | Process |
  |---|---|---|
  | Token: SeIncreaseQuotaPrivilege | 908 | WMIC.exe |
  | Token: SeSecurityPrivilege | 908 | WMIC.exe |
  | Token: SeTakeOwnershipPrivilege | 908 | WMIC.exe |
  | Token: SeLoadDriverPrivilege | 908 | WMIC.exe |
  | Token: SeSystemProfilePrivilege | 908 | WMIC.exe |
  | Token: SeSystemtimePrivilege | 908 | WMIC.exe |
  | Token: SeProfSingleProcessPrivilege | 908 | WMIC.exe |
  | Token: SeIncBasePriorityPrivilege | 908 | WMIC.exe |
  | Token: SeCreatePagefilePrivilege | 908 | WMIC.exe |
  | Token: SeBackupPrivilege | 908 | WMIC.exe |
  | Token: SeRestorePrivilege | 908 | WMIC.exe |
  | Token: SeShutdownPrivilege | 908 | WMIC.exe |
  | Token: SeDebugPrivilege | 908 | WMIC.exe |
  | Token: SeSystemEnvironmentPrivilege | 908 | WMIC.exe |
  | Token: SeRemoteShutdownPrivilege | 908 | WMIC.exe |
  | Token: SeUndockPrivilege | 908 | WMIC.exe |
  | Token: SeManageVolumePrivilege | 908 | WMIC.exe |
  | Token: 33 | 908 | WMIC.exe |
  | Token: 34 | 908 | WMIC.exe |
  | Token: 35 | 908 | WMIC.exe |
- Suspicious use of WriteProcessMemory (6 IoCs)

  | description | pid | Process | procid_target |
  |---|---|---|---|
  | PID 1116 wrote to memory of 1864 | 1116 | changePassword.exe | 28 |
  | PID 1116 wrote to memory of 1864 | 1116 | changePassword.exe | 28 |
  | PID 1116 wrote to memory of 1864 | 1116 | changePassword.exe | 28 |
  | PID 1864 wrote to memory of 908 | 1864 | cmd.exe | 30 |
  | PID 1864 wrote to memory of 908 | 1864 | cmd.exe | 30 |
  | PID 1864 wrote to memory of 908 | 1864 | cmd.exe | 30 |
Processes
- C:\Users\Admin\AppData\Local\Temp\changePassword.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\changePassword.exe"
  PID: 1116
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: cmd /C wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature
    PID: 1864
    - Suspicious use of WriteProcessMemory
    - C:\Windows\System32\Wbem\WMIC.exe
      Command line: wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature
      PID: 908
      - Suspicious use of AdjustPrivilegeToken