Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
05/11/2023, 08:24
231105-katc9sfa72 305/11/2023, 08:20
231105-j8wevadb31 305/11/2023, 08:18
231105-j7qszada9x 3Analysis
-
max time kernel
210s -
max time network
200s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
05/11/2023, 08:18
Static task
static1
Behavioral task
behavioral1
Sample
gjgkqcnicnlpa6vp.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
gjgkqcnicnlpa6vp.exe
Resource
win10v2004-20231020-en
General
-
Target
gjgkqcnicnlpa6vp.exe
-
Size
8.1MB
-
MD5
b59986274ba7b0d065874f38e62ce35f
-
SHA1
84707eaa115b0f681627a8e3ac8a97aee23fcb3b
-
SHA256
208711fd8c34b70281f67d99871976e0b35c5ffe5465906e63be6a943888129e
-
SHA512
771dc948b38c2354b5b8116e6509c74b3d9cc2e8c751aa3cc93431db8f6a6ab8a966939814dc8ae46c47f47ba358e829ce925627a5de116690920340aaf50186
-
SSDEEP
196608:v3nJLovsDgzFQPu145/kO+FI/bvdIXG6/8PScsVtGZq:vnXgzCK45/kOsI/hI26/8Pt0t
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 4604 svchost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\gjgkqcnicnlpa6vp.exe"C:\Users\Admin\AppData\Local\Temp\gjgkqcnicnlpa6vp.exe"1⤵PID:3848
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:3660
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD586ab75557703b4c5a59ac402ccd749ba
SHA14853bfbf499e4d6b275b4af29f9d1f69b89c1e6a
SHA2560a26439513123491ccaddb07c50f2c7c1df1addd3ac5b01cd00f61914446e2a8
SHA5129983aee72e3e58c766f4e6f4fbac7418bed8957584623e1582ff46e8fd1863fbd336d87cbc12f91e57d76ba7befa28baec83f70d30ffec71e8c3ab155a44004b