Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NSudo.exe

windows7-x64

6

NSudo.exe

windows10-2004-x64

1

Resubmissions

11/01/2024, 13:55

240111-q78r4shhc7 6

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NSudo.exe

  • Size

    174KB

  • MD5

    423129ddb24fb923f35b2dd5787b13dd

  • SHA1

    575e57080f33fa87a8d37953e973d20f5ad80cfd

  • SHA256

    5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7

  • SHA512

    d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce

  • SSDEEP

    3072:XVLC09ymR7sITY17jR7h05cDnxngU9yInRU+Wi+StbaoJLQfo8BuA6N3ls:XT9yO7sITYNmYnbyInRU+Wi+StbaoJLR

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NSudo.exe
    "C:\Users\Admin\AppData\Local\Temp\NSudo.exe"
    1⤵
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2432-0-0x00000000000E0000-0x00000000000E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2432-1-0x0000000003E30000-0x0000000003E40000-memory.dmp

    Filesize

    64KB

    Download