Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/01/2024, 21:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
72e3218ff400a51526f303426e2ab27b.exe
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
72e3218ff400a51526f303426e2ab27b.exe
Resource
win10v2004-20231222-en
3 signatures
150 seconds
General
- Target: 72e3218ff400a51526f303426e2ab27b.exe
- Size: 122KB
- MD5: 72e3218ff400a51526f303426e2ab27b
- SHA1: 5230c0b377bc7db47abeed042566288b1ff9ce17
- SHA256: dda42ac68376dfa74329e74fddbf2211bad64e1c9c818883d4c7adf2543d4e74
- SHA512: 3238063e6516cef82bd72299254e764a49e72635b43b5c19e5eb86dd3e8ad61789202c657f4b238b1ad5d2c1f606ef46fb2f79ad3c0ab24dce174cb1ea2335e5
- SSDEEP: 1536:P/R4jzsoBhAGBJCX6qssASeh5+co/cpACr4Q6QPsgieijcqVit:P/R43/BhhDCXNbco/cpACrUQkgie9q8
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
3832 72e3218ff400a51526f303426e2ab27b.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeDebugPrivilege 3832 72e3218ff400a51526f303426e2ab27b.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process
3832 72e3218ff400a51526f303426e2ab27b.exe