Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 13:35
General
-
Target
NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe
-
Size
1.3MB
-
MD5
44f5bf12b9401bd846da987a5897c320
-
SHA1
14affd6bfd65cc42a5ba63fe3565b04c442befbd
-
SHA256
168b6f5290b4597c9906d53224cee5ddda5489c4f1062fd6bb94f9c31bf081c1
-
SHA512
54683940232e946451b3b22d5dca3f95f93f42521120903c1c7f982c04e72da47a37d5302de4fd0edc37f182b4a95fc4685680984841442e007def37dcb760c8
-
SSDEEP
24576:Z9ypVnBJhpRCSK1nwHI7njknrk+ctdTavxxaLIdJBV1Ls2wBP:Z9U2P14OIn4FT6xxaLsJBV1Ls2wB
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 43 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.44f5bf12b9401bd846da987a5897c320_JC.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\wmic.exe"wmic" /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List2⤵
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435B
MD5edf1b30380d67534a84b4cc11eee3634
SHA1241b293a60499b6dc6d3cad94ec92b9495272a8c
SHA256c517c333ca6eed5df2a1f49f54a2d36cd3bad42bfa00bbcfbf93179da5f5fd09
SHA512decf53c1c9c5aef8be82499fa77c3e2d10ca803779716508d1b1bdb58117365e5e2e176333665fd30af3cae68f596d295f90a154a06f526846b5966887844c14