Analysis
  max time kernel:  137s
  max time network: 159s
  platform:         windows10-2004_x64
  resource:         win10v2004-20230915-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        12/10/2023, 15:06
Static task: static1
Behavioral task: behavioral1
  Sample:   1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample:   1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
  Resource: win10v2004-20230915-en
General
  Target: 1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
  Size:   1.3MB
  MD5:    cef58152e7b2e3a5b093f851a448eb08
  SHA1:   913878c026e9ce9444b980f3a61323c29c8f7dcb
  SHA256: 1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886
  SHA512: 0d3ebf3a8f3e6eaae616e7608ae3abefb8138d8e27568ca25bad3ffee1b476aed12f488261934d484befe3a551fa4d89aea20470bd5a2f530242137220749710
  SSDEEP: 24576:TkCKAB0b56wBouJ93vrIdpRxmm1EH2JXD:TxKk0dzBoqvMpRx31Y2JXD
Malware Config
Signatures
  Executes dropped EXE (1 IoC)
    pid   Process
    3436  alg.exe
  Drops file in System32 directory (4 IoCs)
    description                   ioc                                                                             Process
    File opened for modification  C:\Windows\System32\alg.exe                                                     1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
    File opened for modification  C:\Windows\system32\AppVClient.exe                                              1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
    File opened for modification  C:\Windows\system32\dllhost.exe                                                 1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
    File opened for modification  C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe       1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
  Suspicious behavior: LoadsDriver (2 IoCs)
    pid  Process
    676  Process not Found
    676  Process not Found
  Suspicious use of AdjustPrivilegeToken (1 IoC)
    description                      pid   Process
    Token: SeTakeOwnershipPrivilege  5040  1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1b1d4e1afe74586c6edcaa4714c695c8c8b8a96b2b6860ebe69c2d11be8c6886.exe"
    PID: 5040
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
  C:\Windows\System32\alg.exe
    Command line: C:\Windows\System32\alg.exe
    PID: 3436
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 1.3MB
  MD5:      dbf1d6234080736d98f373bc32650f67
  SHA1:     9ef90891c792e17700e82ad498020fb484172129
  SHA256:   53dd7520d7363e559389510c7ec02584ad3914f63ac87e22f93fc439075247f3
  SHA512:   15b7bf5799ffef57748217c4c0b8dac3eae6e9463d48126d92f457f813fb22da15de08543d421f8177d63c9929e2b8bb7dc43c57a8780ec0855c2b64205caf35