Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 11/01/2024, 13:05
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: 5398a651ad739168881721fe2b236024.exe
  Resource: win7-20231129-en
  4 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: 5398a651ad739168881721fe2b236024.exe
  Resource: win10v2004-20231222-en
  4 signatures
  150 seconds
General
Target: 5398a651ad739168881721fe2b236024.exe
Size: 271KB
MD5: 5398a651ad739168881721fe2b236024
SHA1: 488759273e26c6962ef7cfb55c0e90df6afe2d29
SHA256: 79e89605c7f35eabcfdb5cde52812ecdb7b1b9a0bccd545db15f96fc66521c78
SHA512: 0d4bcf0dabce89aceed14a4d64133ca1e5dea6f066bffc07185a27c6d9aae5cc803e148d42fe057bed1227b9b0bef29e1783cca4baf5a45739a146de648709bc
SSDEEP: 6144:/FqlaakfXJgJLq+gRk13o+qOeq18owv7toL+9WXY41czfGZFYdyLnywxv:/caDg1q+74+C+S799wY4ObGh
Score: 4/10
Malware Config
Signatures
Drops file in Windows directory (2 IoCs)
  description: File created; ioc: C:\Windows\bootwindows.exe; Process: 5398a651ad739168881721fe2b236024.exe
  description: File opened for modification; ioc: C:\Windows\bootwindows.exe; Process: 5398a651ad739168881721fe2b236024.exe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 2940; Process: 5398a651ad739168881721fe2b236024.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege; pid: 2940; Process: 5398a651ad739168881721fe2b236024.exe
Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 2940 wrote to memory of 1340; pid: 2940; Process: 5398a651ad739168881721fe2b236024.exe; procid_target: 6
  description: PID 2940 wrote to memory of 1340; pid: 2940; Process: 5398a651ad739168881721fe2b236024.exe; procid_target: 6
Processes
1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 1340
   2. C:\Users\Admin\AppData\Local\Temp\5398a651ad739168881721fe2b236024.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\5398a651ad739168881721fe2b236024.exe"
      PID: 2940
      Signatures:
      - Drops file in Windows directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory