Analysis
  max time kernel:  147s
  max time network: 134s
  platform:         windows7_x64
  resource:         win7-20231129-en
  resource tags:    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  submitted:        30/12/2023, 09:18
Behavioral tasks
  behavioral1
    Sample:   144d34c6fc809770681889c28ddefadd.exe
    Resource: win7-20231129-en
  behavioral2
    Sample:   144d34c6fc809770681889c28ddefadd.exe
    Resource: win10v2004-20231222-en
General
  Target: 144d34c6fc809770681889c28ddefadd.exe
  Size:   91KB
  MD5:    144d34c6fc809770681889c28ddefadd
  SHA1:   e987ec191699c99002ac371be559f78d73c81d0a
  SHA256: 399d7f2ae9cbb0395cf1d49299aa74dfc31c9cd1674e00e1b9edd46b16ee6216
  SHA512: d214b282f74963c0fcfe967acd603f475b19e19ffc240a69eadde3d10a8bb5086cf1a8c572497789274c9bff32e586430acde0be825f6ca36377a23c801bf605
  SSDEEP: 1536:DLJsQn+4g1FqgL3zQaP/+55ubKhZZaA9NWFNRbdmR7z+GrdODncNO1b3My8:32qgLEaXbCZZhwmx+GCncNYb8y
Malware Config
Signatures
  Executes dropped EXE (2 IoCs)
    PID   Process
    2124  kernl32.exe
    2296  svchost.exe
  Drops file in System32 directory (2 IoCs)
    Description                   IoC                              Process
    File created                  C:\Windows\SysWOW64\kernl32.exe  144d34c6fc809770681889c28ddefadd.exe
    File opened for modification  C:\Windows\SysWOW64\kernl32.exe  144d34c6fc809770681889c28ddefadd.exe
  Drops file in Windows directory (2 IoCs)
    Description                   IoC                     Process
    File created                  C:\Windows\svchost.exe  144d34c6fc809770681889c28ddefadd.exe
    File opened for modification  C:\Windows\svchost.exe  144d34c6fc809770681889c28ddefadd.exe
  Suspicious use of AdjustPrivilegeToken (1 IoC)
    Description               PID   Process
    Token: SeDebugPrivilege   2124  kernl32.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe"
    PID: 1680
    - Drops file in System32 directory
    - Drops file in Windows directory
  C:\Windows\svchost.exe
    Command line: C:\Windows\svchost.exe
    PID: 2296
    - Executes dropped EXE
  C:\Windows\SysWOW64\kernl32.exe
    Command line: C:\Windows\SysWOW64\kernl32.exe
    PID: 2124
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 92KB
  MD5:      2b6d7a4375c2500c45340123d214fc9e
  SHA1:     cb41ec49c15d1d6fd6b09e6cb045a772e23b25bd
  SHA256:   9bf2f4735ad8ade0baf9fc46e94786f1e9824abf4c38ecbd3a6d4fb3c4cd89d6
  SHA512:   4a6491e427ba2e588fc3f620ed244a4a685dfea4c3d3a37e34d4a1a99aa9baeb9ffb66ddef418acfaa0119652a7d14b03c078a70383e0db51229739eeeb0a395