Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

wsus.exe

windows7-x64

1

wsus.exe

windows10-2004-x64

1

Resubmissions

14/03/2023, 05:39

230314-gcdttafg7s 1

14/03/2023, 05:36

230314-gan7rsdf74 1

Analysis

  • max time kernel
    222s
  • max time network
    225s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2023, 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wsus.exe

  • Size

    13KB

  • MD5

    cab5fc7334d83e72802bfb4150b77190

  • SHA1

    cad8ec659310a3284e5875ff58f1a33ce9755a0e

  • SHA256

    c2a9988fce8ebc0fddb0335df67f16dce0ed7b0cdfb9219ba7a0eb982beb06ed

  • SHA512

    0ba71d8664443eb306951c69c532e49cae512426e75a320c0954ea328ac01955ddf852abd69fa60c8cbddba3c9eb1d209cca0206d2a5bbbc22f011e564d908f6

  • SSDEEP

    192:kui32jEkL5QgZHwl8j7Mlmiocon/DjO7Rsqeirv0l4ydSaJ0vbE5pz68JoZZLW3H:TE+5VHwa7CFocs/DjZqPcNSaJ0vbrT

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wsus.exe
    "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
    1⤵
      PID:4676
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3092
      • C:\Users\Admin\AppData\Local\Temp\wsus.exe
        "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
        1⤵
          PID:1692
        • C:\Users\Admin\AppData\Local\Temp\wsus.exe
          "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
          1⤵
            PID:1296
          • C:\Users\Admin\AppData\Local\Temp\wsus.exe
            "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
            1⤵
              PID:4500
            • C:\Users\Admin\AppData\Local\Temp\wsus.exe
              "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
              1⤵
                PID:5032
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /4
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                PID:2172
              • C:\Users\Admin\AppData\Local\Temp\wsus.exe
                "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
                1⤵
                  PID:1380
                • C:\Users\Admin\AppData\Local\Temp\wsus.exe
                  "C:\Users\Admin\AppData\Local\Temp\wsus.exe"
                  1⤵
                    PID:2500

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/2172-133-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-134-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-135-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-139-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-140-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-141-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-142-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-143-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-144-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2172-145-0x000001F7FDB00000-0x000001F7FDB01000-memory.dmp

                    Filesize

                    4KB

                    Download