Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:11

General

  • Target

    1f8ebebfebe0235df55369cd93f192da.exe

  • Size

    22KB

  • MD5

    1f8ebebfebe0235df55369cd93f192da

  • SHA1

    14d569ca5591e76eae4de239b6388e17e18002fb

  • SHA256

    9546dd10add0627b90d1c78b49317a7c65af2abd0a77aaedbf0e0cc67191526e

  • SHA512

    4340ca20925a354df387054ca7edcf4d357e8df5a928b4bf2d6679cdf3903856da7d7487a149435b4b4b791c8f1c1ed647c394497877708a993fd1840294d18c

  • SSDEEP

    384:JK8PqBSX6/WQMgSB5S+iRvOResMKjKAMz3q+gIWL5r:MSCu5QyB59iRYDKY5r

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 10 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f8ebebfebe0235df55369cd93f192da.exe
    "C:\Users\Admin\AppData\Local\Temp\1f8ebebfebe0235df55369cd93f192da.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "aswUpdSv.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2168
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "zlclient.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1936
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "ashWebSv.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2328
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "ashDisp.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2832
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "avgas.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2764
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "ashMaiSv.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2840
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "ashMaiSv.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2848
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "vsmon.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2712
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "guard.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2716
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" -IM "ashMaiSv.exe" /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads