Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
24/12/2023, 12:50
Static task
static1
Behavioral task
behavioral1
Sample
App/DontSleep/DontSleep_p.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
App/DontSleep/DontSleep_p.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
App/DontSleep/DontSleep_x64_p.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral4
Sample
App/DontSleep/DontSleep_x64_p.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
DontSleepPortable.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
DontSleepPortable.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
App/DontSleep/DontSleep_p.exe
-
Size
300KB
-
MD5
bec39c09b64a62527c15403da77623db
-
SHA1
ea71ec317002ce4d72a9e894f4b447a55452daea
-
SHA256
5b97b4f1806a67dbba0ee01c6185b244be9839828380e2c705fa0a9fd9c246f3
-
SHA512
34669c5157e7a03c3107faa714cf0a20a8ea3aa2bcb238301939e2ebee3d9e2627f60ed308104e2abb77e60071b28e501411452b18e98adbb5e48311903650d8
-
SSDEEP
6144:Tx5DK+FZkSC/1e83pnqL/ICJYGDr9gedCoUv2YFsuH+BGrAL:cTj3pwnoHOY9T8L
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
description pid Process Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeShutdownPrivilege 1428 DontSleep_p.exe Token: SeCreatePagefilePrivilege 1428 DontSleep_p.exe Token: SeManageVolumePrivilege 2232 svchost.exe -
Suspicious use of FindShellTrayWindow 36 IoCs
pid Process 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe -
Suspicious use of SendNotifyMessage 36 IoCs
pid Process 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1428 DontSleep_p.exe 1428 DontSleep_p.exe 1428 DontSleep_p.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\App\DontSleep\DontSleep_p.exe"C:\Users\Admin\AppData\Local\Temp\App\DontSleep\DontSleep_p.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1428
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:6028
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2232
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25B
MD571bfa4b1b2a2049befa50a86463a014f
SHA18ca6218c1f92b40da01501e18786cc2724e4c769
SHA256a4683279940ca2ea6c25b63f07f41d7e2eab4ac3246ff57c8c771e7c923abd29
SHA512574ccbc6a9387eed4e74af3e06a5023db1f74e24a8a9f3e9a96bee77483c3e5da257df4ff7976f7e389f51ec9ca89c56b103186fe499f5f3839738cafe657735