Analysis
max time kernel: 41s
max time network: 47s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2023, 19:26
Static task
static1

Behavioral task
behavioral1
Sample: changePassword.exe
Resource: win7-20230220-en
2 signatures, 150 seconds

Behavioral task
behavioral2
Sample: changePassword.exe
Resource: win10v2004-20230220-en
2 signatures, 150 seconds
General
Target: changePassword.exe
Size: 2.6MB
MD5: 487edea28433a33c3c45b4ebb0dc1b3d
SHA1: afa9d31e633421ff41f5f565e5c98cf8efb44b52
SHA256: cbdfac8826b8d6eb2c5f01fd617d72a62c63fd4458f10cdd8ce5b16db530dfe7
SHA512: a29b5173e2780957e7cd88259521e67d944203dd56197cba0822f909c1efc81224a36fd9ee29549d3cd41afe2e9a0ab0c05cf086e3be57bb5fa4fefa9a020499
SSDEEP: 49152:JYXxGSuLrb/TgvO90dL3BmAFd4A64nsfJhM4UtCmgO3HWAXyD1gR4fVdUB9HCp7b:CX1Gk2WrX4k2q+gYNk
Score: 1/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (42 IoCs)
All 42 entries belong to PID 1996 (WMIC.exe), and they are a single set of 21 privileges recorded twice. Tokens 33 to 36 are privilege LUIDs the report left unresolved; in winnt.h these values are SeIncreaseWorkingSetPrivilege (33), SeTimeZonePrivilege (34), SeCreateSymbolicLinkPrivilege (35) and SeDelegateSessionUserImpersonatePrivilege (36). WMIC's global switch /PRIVILEGES defaults to ENABLE, so wmic.exe enables every privilege present in its token on startup and this signature fires on practically any wmic invocation; on its own it is not evidence that the sample abuses privileges.

Token                           PID    Process
SeIncreaseQuotaPrivilege        1996   WMIC.exe
SeSecurityPrivilege             1996   WMIC.exe
SeTakeOwnershipPrivilege        1996   WMIC.exe
SeLoadDriverPrivilege           1996   WMIC.exe
SeSystemProfilePrivilege        1996   WMIC.exe
SeSystemtimePrivilege           1996   WMIC.exe
SeProfSingleProcessPrivilege    1996   WMIC.exe
SeIncBasePriorityPrivilege      1996   WMIC.exe
SeCreatePagefilePrivilege       1996   WMIC.exe
SeBackupPrivilege               1996   WMIC.exe
SeRestorePrivilege              1996   WMIC.exe
SeShutdownPrivilege             1996   WMIC.exe
SeDebugPrivilege                1996   WMIC.exe
SeSystemEnvironmentPrivilege    1996   WMIC.exe
SeRemoteShutdownPrivilege       1996   WMIC.exe
SeUndockPrivilege               1996   WMIC.exe
SeManageVolumePrivilege         1996   WMIC.exe
33                              1996   WMIC.exe
34                              1996   WMIC.exe
35                              1996   WMIC.exe
36                              1996   WMIC.exe
(the same 21 rows are repeated once more in the report, giving 42 IoCs)
Suspicious use of WriteProcessMemory (4 IoCs)
The two write edges (2664 to 1944, 1944 to 1996) are exactly the parent-to-child edges of the process tree below, i.e. each parent writing into the child it has just created, rather than a write into an unrelated process.

Description                        PID    Process              procid_target
PID 2664 wrote to memory of 1944   2664   changePassword.exe   87
PID 2664 wrote to memory of 1944   2664   changePassword.exe   87
PID 1944 wrote to memory of 1996   1944   cmd.exe              88
PID 1944 wrote to memory of 1996   1944   cmd.exe              88
Processes

1. C:\Users\Admin\AppData\Local\Temp\changePassword.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\changePassword.exe"
   PID: 2664
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\cmd.exe
      Command line: cmd /C wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature
      PID: 1944
      Signatures: Suspicious use of WriteProcessMemory
      3. C:\Windows\System32\Wbem\WMIC.exe
         Command line: wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature
         PID: 1996
         Signatures: Suspicious use of AdjustPrivilegeToken

The only behaviour recorded is a single WMI query, run through cmd.exe, for the CurrentTemperature property of the ACPI thermal zone (class MSAcpi_ThermalZoneTemperature in root\wmi). One caveat for triage: most hypervisors expose no instance of that class, so the query errors out inside a VM, and it is for that reason a commonly used VM/sandbox fingerprint. The report does not raise an evasion signature for it and the score is 1/10; a hardware or system utility may also query the temperature legitimately, so the chain above should be judged together with what the binary does next on real hardware.
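The process chain above reduces to a simple detection: a WMIC.exe whose command line names MSAcpi_ThermalZoneTemperature, rated by where the root of its process lineage was launched from. The following is an added example, not code from the report or from the sample: it runs that logic over constructed process-creation events. The PIDs 2664/1944/1996 and their command lines are taken from the report; the ProcEvent field names, the parent PID 1000 for the root, and the benign events are assumptions made for the example.

```python
"""Added example: flag WMIC queries of the ACPI thermal zone and rate them by
the origin of the process lineage. Event field names are assumed, not taken
from the report."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed process-creation events. PIDs 2664/1944/1996 and their command
# lines mirror the report; ppid 1000 for the root and the two benign events
# (an inventory agent running "wmic os get caption") are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(2664, 1000, r"C:\Users\Admin\AppData\Local\Temp\changePassword.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\changePassword.exe"'),
    ProcEvent(1944, 2664, r"C:\Windows\system32\cmd.exe",
              r"cmd /C wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature"),
    ProcEvent(1996, 1944, r"C:\Windows\System32\Wbem\WMIC.exe",
              r"wmic /namespace:\\root\wmi PATH MSAcpi_ThermalZoneTemperature get CurrentTemperature"),
    ProcEvent(2800, 1000, r"C:\Program Files\Inventory\agent.exe",
              r'"C:\Program Files\Inventory\agent.exe"'),
    ProcEvent(3100, 2800, r"C:\Windows\System32\Wbem\WMIC.exe", "wmic os get caption"),
]

# The WMI class queried in the report; matched case-insensitively because
# wmic accepts any casing.
THERMAL_CLASS = re.compile(r"MSAcpi_ThermalZoneTemperature", re.IGNORECASE)
# A lineage rooted in a user-writable profile directory is rated higher than
# one rooted in Program Files or System32.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def lineage(event, by_pid):
    """Return the events from the outermost known ancestor down to `event`.
    A `seen` set guards against PID reuse producing a cycle."""
    chain = [event]
    seen = {event.pid}
    parent = by_pid.get(event.ppid)
    while parent is not None and parent.pid not in seen:
        chain.append(parent)
        seen.add(parent.pid)
        parent = by_pid.get(parent.ppid)
    chain.reverse()
    return chain


def find_thermal_probes(events):
    """One finding per WMIC.exe event that queries the thermal-zone class,
    with the PID lineage (root first) and a severity based on the root image."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if not e.image.lower().endswith("\\wmic.exe"):
            continue
        if not THERMAL_CLASS.search(e.cmdline):
            continue
        chain = lineage(e, by_pid)
        root = chain[0]
        severity = "high" if USER_WRITABLE.match(root.image) else "medium"
        findings.append({
            "pid": e.pid,
            "severity": severity,
            "lineage": [c.pid for c in chain],
            "root_image": root.image,
        })
    return findings


if __name__ == "__main__":
    for f in find_thermal_probes(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid {f['pid']} lineage {f['lineage']} root {f['root_image']}")
```

Run against the constructed events, only PID 1996 is reported, with lineage 2664 -> 1944 -> 1996 and severity "high" because the root binary lives under AppData\Local\Temp; the agent's "wmic os get caption" is ignored because it never names the thermal class. The severity split is deliberately coarse: the query itself is identical whether it comes from a hardware utility or from a VM check, so the origin of the chain is the only discriminator this rule can offer.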