Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

53e887ca2d...bf.exe

windows7-x64

7

53e887ca2d...bf.exe

windows10-2004-x64

7

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$TEMP/Inst...er.exe

windows7-x64

3

$TEMP/Inst...er.exe

windows10-2004-x64

3

$TEMP/Mcci...ce.exe

windows7-x64

1

$TEMP/Mcci...ce.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/McciCMService.exe

  • Size

    312KB

  • MD5

    e6cb119ef2e148eaa1a247343550756e

  • SHA1

    951ef11504f74bd0e85128af53f0c54eb95b43f9

  • SHA256

    11729fda2d41d00b43107391416651e674f23de21d398da299ffff61032a98d0

  • SHA512

    7e6d8eb361965e1d84445e0b6464566cb7c69dc9e0d198233dd413dc8afe3fcc617991e8d3809863481910aef8e80b98b4cf52b1aaf72ec5831a70f0e029df51

  • SSDEEP

    3072:6p7n+uk//B5FIMhwEPgeGq9G23uzT+2AMz5GNx/f5EYJD8ov4ldbVMW3xzhZughg:+n+uk/pbIMd9G23Vid+DyIIlF9zGBpX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\McciCMService.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\McciCMService.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads