Overview
Score by task (name, platform, score):
- overview: 7
- static: 3
- CSharpDisc...ET.dll, windows10-2004-x64: 1
- Google Chr...te.exe, windows10-2004-x64: 7
- Newtonsoft.Json.dll, windows10-2004-x64: 1
- System Run...or.exe, windows10-2004-x64: 1
- System Run...or.exe, windows10-2004-x64: 7
- System Run...or.pdb, windows10-2004-x64: 3
- System Run...g.json, windows10-2004-x64: 3
- clretwrc.dll, windows10-2004-x64: 1
- clrjit.dll, windows10-2004-x64: 1
- coreclr.dll, windows10-2004-x64: 1
- createdump.exe, windows10-2004-x64: 1
- dbgshim.dll, windows10-2004-x64: 1
- hostfxr.dll, windows10-2004-x64: 1
- hostpolicy.dll, windows10-2004-x64: 1
Analysis
- max time kernel: 145s
- max time network: 179s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/11/2023, 04:23
Static task: static1
Behavioral tasks (task, sample, resource):
- behavioral1: CSharpDiscordWebhook.NET.dll, win10v2004-20231023-en
- behavioral2: Google Chrome Update.exe, win10v2004-20231023-en
- behavioral3: Newtonsoft.Json.dll, win10v2004-20231020-en
- behavioral4: System Runtime Monitor.exe, win10v2004-20231020-en
- behavioral5: System Runtime Monitor.exe, win10v2004-20231020-en
- behavioral6: System Runtime Monitor.pdb, win10v2004-20231025-en
- behavioral7: System Runtime Monitor.runtimeconfig.json, win10v2004-20231023-en
- behavioral8: clretwrc.dll, win10v2004-20231023-en
- behavioral9: clrjit.dll, win10v2004-20231025-en
- behavioral10: coreclr.dll, win10v2004-20231023-en
- behavioral11: createdump.exe, win10v2004-20231023-en
- behavioral12: dbgshim.dll, win10v2004-20231020-en
- behavioral13: hostfxr.dll, win10v2004-20231020-en
- behavioral14: hostpolicy.dll, win10v2004-20231023-en
General
- Target: Newtonsoft.Json.dll
- Size: 312KB
- MD5: 6dc7988bf02bdccb02c03ccd5cfc856e
- SHA1: 94c503650f7dbff46b92940aca10e33c0ec25e5f
- SHA256: 813f3221c13b52784a6fa8f0a148e829c4d8d1c8886d0bd4d978676195949711
- SHA512: 577bfa142709b3c5119623b7c77d7e385eae512231badece18905a21139b57157c230d72142b551eb809d06c7b7d3f3b83a495d75d3bd0bbed3376c2ecbe7059
- SSDEEP: 6144:BN5uorsKqJVDw3ogTpxzm6kr0tmnXwxHE:9uowKUVWPq7QknA
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeManageVolumePrivilege; pid: 2224; Process: svchost.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll,#1
  PID: 4768
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4336
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signature: Suspicious use of AdjustPrivilegeToken
  PID: 2224