Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 152s
  max time network: 160s
  platform: windows10-2004_x64
  resource: win10v2004-20231020-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 14/11/2023, 19:09
Static task: static1
Behavioral task: behavioral1
  Sample: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Resource: win10v2004-20231020-en
General
  Target: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Size: 2.6MB
  MD5: 6174f1c61a30552b58e2e747d7815cd5
  SHA1: 465ae65cc7a59d88ec5dc1109bf3be37349c92e2
  SHA256: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab
  SHA512: 7c27c4195af45156250103bdd9264c82606d4f22fb2b84c9c5bcdc5af66281d89c38f1b3cd5198db877294dd3e78c4af10644bb4495fad105e7022972f6fc2b3
  SSDEEP: 49152:SqA6pDItQ7XxeZ0EW8W/ATyvcO4z1Pq3eAQm:SqFDEiAWvcOuPq3eAJ
Malware Config
Signatures
- Identifies Wine through registry keys (2 TTPs, 3 IoCs)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  description | ioc | Process
  Key opened | \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Software\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Key opened | \REGISTRY\MACHINE\Software\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  1444 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  1444 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeManageVolumePrivilege | 2532 | svchost.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1444 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  1444 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe"
  - Identifies Wine through registry keys
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 1444
- "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 2576
- C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  - Suspicious use of AdjustPrivilegeToken
  PID: 2532
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 16KB
  MD5: 4253299b1eb5628ce934689a81989c3a
  SHA1: 92a2506a7d784bb0bd17dff3beda3bd1217d0e85
  SHA256: 0e2bcc4abbd5b3cda35e9e236d98b895452b8905d379fcea0805e6a7242eff5d
  SHA512: 27cf9eecbf4d5037a61e056a421858939f760d3491697972cc922c372dc9fe42b75d20f42b891d1f490d6fb4f28d32f4605f19e6d722596b96d498633689eb62