Analysis
max time kernel: 146s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 08:20
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 1343d504a25ad50ee1aa55d0355805fc.exe
Resource: win7-20231215-en
5 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 1343d504a25ad50ee1aa55d0355805fc.exe
Resource: win10v2004-20231215-en
4 signatures, 150 seconds
General
Target: 1343d504a25ad50ee1aa55d0355805fc.exe
Size: 316KB
MD5: 1343d504a25ad50ee1aa55d0355805fc
SHA1: 9857d3b4d75e5c03ddc58dbe111db407c55f0ab1
SHA256: 953b9245093eee2b5ed8608b70c93db53ee73d2b28eb8da49412b4ad791b3b52
SHA512: 267ce23c24c92e59d18bf590b8315736b958701ca245d12bf8d64234151233c54e453b7d0e225cd165e0f7c78319886c5326b7f33d2c3562f13b28078fb76869
SSDEEP: 6144:FUORK1ttbV3kSobTYZGiNdniCoh+KiEIiexT4:FytbV3kSoXaLnToslbi3
Score: 1/10
Malware Config
Signatures

Runs ping.exe (1 TTPs, 1 IoCs)
  pid   Process
  752   PING.EXE

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2348  1343d504a25ad50ee1aa55d0355805fc.exe
  2348  1343d504a25ad50ee1aa55d0355805fc.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  2348  1343d504a25ad50ee1aa55d0355805fc.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2348 wrote to memory of 1628  2348  1343d504a25ad50ee1aa55d0355805fc.exe  89
  PID 2348 wrote to memory of 1628  2348  1343d504a25ad50ee1aa55d0355805fc.exe  89
  PID 1628 wrote to memory of 752   1628  cmd.exe                               91
  PID 1628 wrote to memory of 752   1628  cmd.exe                               91
Processes

C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe (PID:2348)
  Command line: "C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\SYSTEM32\cmd.exe (PID:1628)
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\1343d504a25ad50ee1aa55d0355805fc.exe"
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\PING.EXE (PID:752)
      Command line: ping 1.1.1.1 -n 1 -w 6000
      - Runs ping.exe