Resubmissions
18/09/2023, 11:22 UTC  230918-ngklgsgh6w  score 8
18/09/2023, 11:20 UTC  230918-nfx57agh51  score 7
18/09/2023, 04:17 UTC  230918-ewdbaaeh8s  score 3
Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 18/09/2023, 04:17 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
LCALPC.exe
Resource
win7-20230831-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
LCALPC.exe
Resource
win10v2004-20230915-en
2 signatures
150 seconds
General
Target: LCALPC.exe
Size: 3.3MB
MD5: 4c268a0c963b7809565ce22c296a8c79
SHA1: 8c218f1d34d56a4feae367e019c958175286c993
SHA256: 112a0ff26e12fdd7fd499eec86d2050fa12eb5d9a74ec9f5cfc820c676f88409
SHA512: 1e6372a932832e4df14adb7d584fce6d594571354d753af597a46f60936d4d492543d07f3158c3c4b85dd8303300095d090b28b08426415c0305bd06b095f851
SSDEEP: 49152:XX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QB:XlRsZ47/QXoHUOfAoj1x6B
Score: 1/10
Malware Config
Signatures

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2040  LCALPC.exe

Suspicious use of AdjustPrivilegeToken (40 IoCs)
All 40 entries are on pid 2300 (wmic.exe), the child process; none are on the sample itself. The same 20 token privileges appear twice:
Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35

Suspicious use of WriteProcessMemory (3 IoCs)
pid   process     target pid  procid_target
2040  LCALPC.exe  2300        29
2040  LCALPC.exe  2300        29
2040  LCALPC.exe  2300        29
Processes

1. C:\Users\Admin\AppData\Local\Temp\LCALPC.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\LCALPC.exe"
   PID: 2040
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\wbem\wmic.exe  (child of PID 2040)
      command line: wmic os get oslanguage /FORMAT:LIST
      PID: 2300
      - Suspicious use of AdjustPrivilegeToken
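The one thing this sample does that the report records is spawn wmic.exe to read the OS language. Querying the install language before doing anything else is a common pre-execution check (malware that declines to run on certain locales), but a single query is weak evidence on its own, which is consistent with the 1/10 score here. The following is an added example, not code from Triage or from the report: a small detection over constructed process-creation events that flags the specific pattern in the process tree above, a binary running from a user's Temp directory spawning wmic.exe with a language/locale query. The event layout (pid, ppid, image, cmdline as JSON lines) is an assumption modelled on Sysmon Event ID 1, and the two benign events are invented for contrast.

```python
"""Added example (not part of the Triage report or its signatures): flag a
process running from a user Temp directory that spawns wmic.exe to query
the OS language, the pattern in the process tree above.  The event layout
(pid, ppid, image, cmdline as JSON lines) is an assumed Sysmon-ID-1-like
shape, not Triage's own format."""
import json
import re
from pathlib import PureWindowsPath

# Constructed events: the first two mirror the PIDs, paths and command line
# from the report's process tree; the last two are invented benign activity
# (an interactive cmd.exe running wmic from System32) for contrast.
SAMPLE_EVENTS = r"""
{"pid": 2040, "ppid": 1234, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\LCALPC.exe", "cmdline": "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\LCALPC.exe\""}
{"pid": 2300, "ppid": 2040, "image": "C:\\Windows\\system32\\wbem\\wmic.exe", "cmdline": "wmic os get oslanguage /FORMAT:LIST"}
{"pid": 3100, "ppid": 900, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe"}
{"pid": 3101, "ppid": 3100, "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmdline": "wmic os get caption"}
"""

# Parent image paths under a per-user Temp directory (user-writable, where
# droppers and downloaded payloads usually land).
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)

# Win32_OperatingSystem properties that reveal the system language/locale.
# OSLanguage is the one queried in the report; Locale and MUILanguages are
# the other properties that answer the same question.
LOCALE_PROPS = re.compile(r"\b(oslanguage|locale|muilanguages)\b", re.IGNORECASE)


def parse_events(text: str) -> list[dict]:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_locale_checks(events: list[dict]) -> list[dict]:
    """Return one hit per wmic.exe language/locale query whose parent image
    lives under a user Temp directory.  Both conditions are required: the
    same wmic query from a System32-resident parent is routine admin work."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() != "wmic.exe":
            continue
        if not LOCALE_PROPS.search(ev["cmdline"]):
            continue
        parent = by_pid.get(ev["ppid"])
        if parent is None or not USER_TEMP.search(parent["image"]):
            continue
        hits.append({
            "parent_pid": parent["pid"],
            "parent_image": parent["image"],
            "child_pid": ev["pid"],
            "cmdline": ev["cmdline"],
        })
    return hits


if __name__ == "__main__":
    for hit in find_locale_checks(parse_events(SAMPLE_EVENTS)):
        print(f"locale check: PID {hit['parent_pid']} {hit['parent_image']} "
              f"-> PID {hit['child_pid']} {hit['cmdline']}")
```

Against the constructed events only the LCALPC.exe -> wmic.exe pair (PID 2040 -> 2300) is reported; the cmd.exe -> WMIC.exe pair is dropped twice over, once for the System32 parent and once because `caption` is not a locale property. Keying on the parent's location rather than on wmic.exe alone is what keeps this usable in an environment where administrators run wmic routinely.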