Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 19:48

General

  • Target

    d8b48498a6bab4c9c59ee9f485669f82996ce1664c317fdb2d371cad9c26a9f5.exe

  • Size

    198KB

  • MD5

    a08860306f327bb3bc7288ee5ab8db13

  • SHA1

    2dee4a68034743b94370a66af2bc8c67179582ad

  • SHA256

    d8b48498a6bab4c9c59ee9f485669f82996ce1664c317fdb2d371cad9c26a9f5

  • SHA512

    4ea26012b30307763c68a44bbee94938bb73bf4844e92eceb00459fe1ca1b9ac21978caabcf9d195586fdc3136cfc84b6813e204afff552a44bb2ed5e0716c15

  • SSDEEP

    6144:rBs27MMLyX5HXXXDTXXXOGqIII+pXXX5AYjKXXXDoXXXG6XXXxXXXLIIIEAkOCO6:rK20HXXX/XXXFqIIIcXXX5j2XXXcXXXL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8b48498a6bab4c9c59ee9f485669f82996ce1664c317fdb2d371cad9c26a9f5.exe
    "C:\Users\Admin\AppData\Local\Temp\d8b48498a6bab4c9c59ee9f485669f82996ce1664c317fdb2d371cad9c26a9f5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\D8B484~1.EXE > nul
      2⤵
        PID:1592
    • C:\Windows\Debug\akmhost.exe
      C:\Windows\Debug\akmhost.exe
      1⤵
      • Executes dropped EXE
      PID:1504

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Debug\akmhost.exe

      Filesize

      198KB

      MD5

      190b8f206c1c45c7b0088a05672c7b1f

      SHA1

      de05bcb733fa586e4873a2e139e56922946c4c4a

      SHA256

      e21ecf73252b043f46856327dfe199b80af99eab6fce3a2a6ea3b4cf486148ea

      SHA512

      1abf84149bc6f7b810e9f898e6149603b6fd97333967932ff1e18f7f8a03605fefb24e80f686b0d61de2c102d784b5d2d3cef497fc9ed5f8e6a986b08e287a07

    • C:\Windows\debug\akmhost.exe

      Filesize

      198KB

      MD5

      190b8f206c1c45c7b0088a05672c7b1f

      SHA1

      de05bcb733fa586e4873a2e139e56922946c4c4a

      SHA256

      e21ecf73252b043f46856327dfe199b80af99eab6fce3a2a6ea3b4cf486148ea

      SHA512

      1abf84149bc6f7b810e9f898e6149603b6fd97333967932ff1e18f7f8a03605fefb24e80f686b0d61de2c102d784b5d2d3cef497fc9ed5f8e6a986b08e287a07