Analysis
- max time kernel: 142s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 05:01
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.66ee414aea220e37de34d85eb207dd40.exe
- Resource: win10v2004-20231020-en
General
- Target: NEAS.66ee414aea220e37de34d85eb207dd40.exe
- Size: 407KB
- MD5: 66ee414aea220e37de34d85eb207dd40
- SHA1: 872a052d3d888ad8543f54115318105c9910aa0c
- SHA256: db5500dbcc8423f01642cea52aa08c5f4a369421a740ce38f40d10d1e135184a
- SHA512: 3eaab021e6292b39c2a056b458aff58f2b0963a677dffd04be81067f482b61950a0d24a8ef91f9fd0a3a567b5b354a9f7ee65dec0aca3892af5ccbcc8998deb4
- SSDEEP: 12288:gxETh9t9h0TnWxKhph5hphxjYWktLpm1EwtLpm1ETYBjvrEH74:mETh9t9h0HktLpwbtLpwIqrEH74
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description                      pid   Process
  Token: SeManageVolumePrivilege   3764  svchost.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.66ee414aea220e37de34d85eb207dd40.exe (PID 1992, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.66ee414aea220e37de34d85eb207dd40.exe"
- C:\Windows\system32\rundll32.exe (PID 3852, depth 1)
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
- C:\Windows\System32\svchost.exe (PID 3764, depth 1)
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signatures: Suspicious use of AdjustPrivilegeToken

All three entries are top-level (depth 1). The sample's own process (PID 1992) has no child processes and no signature attributed to it in this report; the single signature hit is on svchost.exe (PID 3764), a Windows service host, not on the sample or any process it spawned.
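When a report's only signature hit sits on a process outside the sample's tree, the first question is whether the hit is attributable to the sample at all. The following is an added example, not tria.ge's code: it transcribes the process entries and the signature hit from this report, reconstructs parent/child links from the printed tree depth (the assumption that a depth-n entry is a child of the most recent depth-(n-1) entry is this example's, as are the names `link_parents`, `subtree` and `attribute_hits`), and splits hits into those inside the sample's process tree and those raised elsewhere.

```python
"""Attribute sandbox signature hits to the submitted sample's process tree.

Added example, not tria.ge's own code. The process entries and the one
signature hit are transcribed from the report above; the depth-to-parent
linking, the tree walk and the "sample"/"other" split are this example's
assumptions about how to read that report.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    depth: int                      # tree depth as the report prints it (1 = top level)
    image: str
    cmdline: str
    parent: Optional[int] = None    # filled in by link_parents()


@dataclass
class SignatureHit:
    name: str
    pid: int
    detail: str


# Process list in report order; every entry in this report is depth 1.
PROCESSES = [
    Proc(1992, 1, r"C:\Users\Admin\AppData\Local\Temp\NEAS.66ee414aea220e37de34d85eb207dd40.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\NEAS.66ee414aea220e37de34d85eb207dd40.exe"'),
    Proc(3852, 1, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe'),
    Proc(3764, 1, r"C:\Windows\System32\svchost.exe",
         r"C:\Windows\System32\svchost.exe -k UnistackSvcGroup"),
]

HITS = [
    SignatureHit("Suspicious use of AdjustPrivilegeToken", 3764,
                 "Token: SeManageVolumePrivilege"),
]

SAMPLE_PID = 1992


def link_parents(procs):
    """Derive parent PIDs from depth: a depth-n entry is a child of the most
    recent entry printed at depth n-1 (assumption). Mutates and returns procs."""
    stack = []                      # stack[d-1] = pid of the latest depth-d entry
    for p in procs:
        del stack[p.depth - 1:]     # drop anything at this depth or deeper
        p.parent = stack[-1] if stack else None
        stack.append(p.pid)
    return procs


def subtree(procs, root_pid):
    """PIDs of root_pid and all of its descendants."""
    children = {}
    for p in procs:
        children.setdefault(p.parent, []).append(p.pid)
    seen, todo = set(), [root_pid]
    while todo:
        pid = todo.pop()
        if pid in seen:
            continue
        seen.add(pid)
        todo.extend(children.get(pid, []))
    return seen


def attribute_hits(procs, hits, sample_pid):
    """Split signature hits into those raised inside the sample's process tree
    ("sample") and those raised by unrelated processes ("other")."""
    link_parents(procs)
    tree = subtree(procs, sample_pid)
    image = {p.pid: p.image for p in procs}
    out = {"sample": [], "other": []}
    for h in hits:
        bucket = "sample" if h.pid in tree else "other"
        out[bucket].append((h.name, h.pid, image.get(h.pid, "?"), h.detail))
    return out


if __name__ == "__main__":
    for bucket, rows in attribute_hits(PROCESSES, HITS, SAMPLE_PID).items():
        print(f"{bucket}:")
        for name, pid, img, detail in rows:
            print(f"  {name} pid={pid} {img} [{detail}]")
```

On this report the "sample" bucket comes back empty and the AdjustPrivilegeToken hit lands in "other" against svchost.exe, which is the signal to look for a separate explanation (service-host background activity) before treating the hit as sample behaviour. The same routine works on deeper trees, where a depth-2 or depth-3 entry under the sample would be counted as the sample's.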
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 16KB
  MD5: 6186b5e59e26126acaf3e02448fb3e83
  SHA1: 6591f1f7a1f859a630c16c4ed8644c9246026a8c
  SHA256: f04eb05de9a7f452186c312ba7f9ce0ea0a6750d72d6e2c388172c50067ce898
  SHA512: 84b8ee8afd0847fe9dec0ec4d1418d27ef2a68bcd032cd178bef31b24fa2041247ffb3f13ce25ad150111dac78c4376ea0cf407fbba1f4d6f24f479329a1524a