Analysis
- max time kernel: 154s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 19:43
Static task: static1
Behavioral task: behavioral1
- Sample: Setup.exe
- Resource: win7-20240221-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: Setup.exe
- Resource: win10v2004-20240226-en
- 3 signatures
- 150 seconds
General
- Target: Setup.exe
- Size: 179KB
- MD5: 53db797144ee628724f76a07917f4e4b
- SHA1: 16444fb48395f8d62eaba81928644bee887ff8f8
- SHA256: 61438af9cd79ad931a95c2031542ecf28f03f74a8b1211b9e58072925083a9ad
- SHA512: 94c63780f4ceae3fc10ead6de65deaa72d7a76bf477be1840871dc7a45423eddebb9b09a113c6214a08b67563ddf11dbc33dc073a83a36787171c8b3c9a6c2ed
- SSDEEP: 3072:PYSqXo1jT7uduk58NU99TBCOaJ/iTuu4kOXDM0zqL1cdFfnqncEN41EMXQ3By:t1jT2eUTraJ/iTuJlDMQMFn9MyBy
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  - description: Token: SeShutdownPrivilege; pid: 2836; Process: msiexec.exe
  - description: Token: SeIncreaseQuotaPrivilege; pid: 2836; Process: msiexec.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  - pid: 2836; Process: msiexec.exe
  - pid: 2836; Process: msiexec.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 3208 wrote to memory of 2836; pid: 3208; Process: Setup.exe; procid_target: 90
  - description: PID 3208 wrote to memory of 2836; pid: 3208; Process: Setup.exe; procid_target: 90
  - description: PID 3208 wrote to memory of 2836; pid: 3208; Process: Setup.exe; procid_target: 90
Processes
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  PID: 3208
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\msiexec.exe
    Command line: msiexec.exe /i "Pro Evolution Soccer 2013.msi"
    PID: 2836
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow