Analysis

max time kernel: 0s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 26/12/2023, 08:05
Static task: static1
  1 signatures

Behavioral task: behavioral1
  Sample: 5e5f277ef0efedf1f51ed3e3ed193c99.exe
  Resource: win7-20231129-en
  1 signatures
  150 seconds

Behavioral task: behavioral2
  Sample: 5e5f277ef0efedf1f51ed3e3ed193c99.exe
  Resource: win10v2004-20231215-en
  4 signatures
  150 seconds
General

Target: 5e5f277ef0efedf1f51ed3e3ed193c99.exe
Size: 2.5MB
MD5: 5e5f277ef0efedf1f51ed3e3ed193c99
SHA1: b276ccf028e3e3c543a03e7cab088f9813021bdc
SHA256: 07a1466ac874355b838eb0c5871bcc00514d749fed184b7aa1f5f02ff7d14787
SHA512: fe6139c4d81d56c0d01fe636ea9632763691fe67ae2fc3833a0c7b681c6e5e91fda1f6b31bcfa4dba89034807b8a1886e95bbbe78031c095e885baced0c4e5dd
SSDEEP: 24576:Biukn3KlrS7AHkwu3sHReZDoasYW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWR:uKRgsYasY6DwOBfrnvV7UeWtFtI+QFKF
Score: 6/10
Malware Config

Signatures

Drops desktop.ini file(s) (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\assembly\Desktop.ini | 5e5f277ef0efedf1f51ed3e3ed193c99.exe
  File opened for modification | C:\Windows\assembly\Desktop.ini | 5e5f277ef0efedf1f51ed3e3ed193c99.exe

Drops file in Windows directory (3 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\assembly | 5e5f277ef0efedf1f51ed3e3ed193c99.exe
  File created | C:\Windows\assembly\Desktop.ini | 5e5f277ef0efedf1f51ed3e3ed193c99.exe
  File opened for modification | C:\Windows\assembly\Desktop.ini | 5e5f277ef0efedf1f51ed3e3ed193c99.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: SeRestorePrivilege | 3940 | dw20.exe
  Token: SeBackupPrivilege | 3940 | dw20.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2348 wrote to memory of 3940 | 2348 | 5e5f277ef0efedf1f51ed3e3ed193c99.exe | 22
  PID 2348 wrote to memory of 3940 | 2348 | 5e5f277ef0efedf1f51ed3e3ed193c99.exe | 22
  PID 2348 wrote to memory of 3940 | 2348 | 5e5f277ef0efedf1f51ed3e3ed193c99.exe | 22
Processes

C:\Users\Admin\AppData\Local\Temp\5e5f277ef0efedf1f51ed3e3ed193c99.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5e5f277ef0efedf1f51ed3e3ed193c99.exe"
  Level: 1
  PID: 2348
  - Drops desktop.ini file(s)
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory

  C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 832
    Level: 2
    PID: 3940
    - Suspicious use of AdjustPrivilegeToken