Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
01/02/2024, 09:41
Static task
static1
Behavioral task
behavioral1
Sample
8691cedae9f9b11a4b4c8c9f7cdb3171.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8691cedae9f9b11a4b4c8c9f7cdb3171.exe
Resource
win10v2004-20231215-en
General
-
Target
8691cedae9f9b11a4b4c8c9f7cdb3171.exe
-
Size
7.0MB
-
MD5
8691cedae9f9b11a4b4c8c9f7cdb3171
-
SHA1
b75c27f11680c9a2f8c65cf3a2d84a04538a394f
-
SHA256
d2a8a300aac8a0b25fee60ac3970149caa0670d33b37b7922b41b689e7ae3504
-
SHA512
16e0e130141201a882166aaef5173f3085e2ebe09c9bfa5213ea2f275701318d48c747e7d3df49faec487dd5455a09d3a9e1edcc76348e666ab21959f339bf84
-
SSDEEP
196608:ctEQzd/Cvy7n1t/TOsSLpR8vwuN58Ipt:2ELOxSNyvlZ
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\G: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\R: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\V: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\Z: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\N: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\Q: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\T: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\U: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\A: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\E: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\H: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\L: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\Y: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\K: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\S: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\W: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\X: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\O: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\P: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\B: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\I: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\J: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe File opened (read-only) \??\M: 8691cedae9f9b11a4b4c8c9f7cdb3171.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe Token: SeShutdownPrivilege 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe Token: SeCreatePagefilePrivilege 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe Token: SeShutdownPrivilege 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe Token: SeCreatePagefilePrivilege 4068 8691cedae9f9b11a4b4c8c9f7cdb3171.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b