Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
96s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25/12/2023, 04:45
General
-
Target
05ee6e633e7c5eecfaed281b51bd2047.exe
-
Size
44KB
-
MD5
05ee6e633e7c5eecfaed281b51bd2047
-
SHA1
305087d2a6f1515303e227230ece2942c649086c
-
SHA256
48fe223e0a1579a0c931b440edea83668e00671ee161f33daa27c560d8cb22a1
-
SHA512
0f2bd03451dee62e1c6d6ceb51e0604b1694359ec98ec49e5a06c33da460cdc43a4ef6c688942b2f3e4c70f5064e5d2f1173f231df52dc51407d3d8d4e4a0097
-
SSDEEP
768:IpeBtNUbOERPJCYjDFypeGgvECjugkpprSLUU9UDec:IpMtSbOEdjRypeG0ZjP8OMDec
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05ee6e633e7c5eecfaed281b51bd2047.exe"C:\Users\Admin\AppData\Local\Temp\05ee6e633e7c5eecfaed281b51bd2047.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{22D6A6CA-F27D-DB40-8986-A0061B9B1DB0}" /f2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\05EE6E~1.EXE > nul2⤵
-