Analysis
max time kernel: 135s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/06/2023, 13:32
Static task
static1: 1 signatures

Behavioral task
behavioral1: sample dcomcnfg.exe, resource win7-20230220-en, 6 signatures, 150 seconds

Behavioral task
behavioral2: sample dcomcnfg.exe, resource win10v2004-20230221-en, 6 signatures, 150 seconds
General
Target: dcomcnfg.exe
Size: 8KB
MD5: 7f3d01a6f054e0330bc798739aef0297
SHA1: bb9e1c933707d97b70bf8bd953aae327ad3444a7
SHA256: 697f8971fef82519003b974ebd3fe162396846b2557f5879d36b8f4a7131dfbd
SHA512: ccd59f1921e12a812f0010002051916d69b0bf3798170651440b6685a0b7aed69da27548f2e5f4065fb4a74a986dffafdf785532ed29379d31727b9948814007
SSDEEP: 96:nSt3Fxv37bV+O3BcKcss+ViUZCEV/kX2jF4CUxJEmVAVKWLDP2LVD7KkBBEWGcEr:Slf3woigsyx9rUxJEmVMKWSfsWGcEWN
Score: 5/10
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
description                   ioc                                   Process
File opened for modification  C:\Windows\system32\comexp.msc        mmc.exe
File opened for modification  C:\Windows\system32\MSDtc\MSDTC.LOG   msdtc.exe

Drops file in Windows directory (3 IoCs)
description                   ioc                                                                                                                  Process
File created                  C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{882A7D36-6F6E-46CE-984A-8822BEE6257E}.crmlog   dllhost.exe
File opened for modification  C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{882A7D36-6F6E-46CE-984A-8822BEE6257E}.crmlog   dllhost.exe
File opened for modification  C:\Windows\DtcInstall.log                                                                                            msdtc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid   Process
3772  mmc.exe

Suspicious use of AdjustPrivilegeToken (11 IoCs)
description                          pid   Process
Token: SeSecurityPrivilege           3772  mmc.exe
Token: 33                            3772  mmc.exe
Token: SeIncBasePriorityPrivilege    3772  mmc.exe
Token: 33                            3772  mmc.exe
Token: SeIncBasePriorityPrivilege    3772  mmc.exe
Token: 33                            3772  mmc.exe
Token: SeIncBasePriorityPrivilege    3772  mmc.exe
Token: 33                            3772  mmc.exe
Token: SeIncBasePriorityPrivilege    3772  mmc.exe
Token: 33                            3772  mmc.exe
Token: SeIncBasePriorityPrivilege    3772  mmc.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
3772  mmc.exe
3772  mmc.exe

Suspicious use of WriteProcessMemory (2 IoCs)
description                        pid   Process       procid_target
PID 4980 wrote to memory of 3772   4980  dcomcnfg.exe  83
PID 4980 wrote to memory of 3772   4980  dcomcnfg.exe  83
Processes

C:\Users\Admin\AppData\Local\Temp\dcomcnfg.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\dcomcnfg.exe"
  PID: 4980
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\mmc.exe (child of PID 4980)
    command line: C:\Windows\system32\mmc.exe C:\Windows\system32\comexp.msc
    PID: 3772
    - Drops file in System32 directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx

C:\Windows\system32\dllhost.exe
  command line: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  PID: 552
  - Drops file in Windows directory

C:\Windows\System32\msdtc.exe
  command line: C:\Windows\System32\msdtc.exe
  PID: 3612
  - Drops file in System32 directory
  - Drops file in Windows directory