Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 147s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/03/2024, 16:07
Static task: static1
Behavioral task: behavioral1
- Sample: ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
- Resource: win10v2004-20240226-en
General
- Target: ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
- Size: 716KB
- MD5: 8f018fea9deea4bf8b2534602664d923
- SHA1: e415ee8962fc61d62b00ad23972b176ea9ff6314
- SHA256: ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36
- SHA512: f627033b0e06ce3a63b29a9f46eb8bf2c2a39a87feec701a9d5698fc6da757664f19061ed96cf20c6122355bf60b3038c4252c765580a9b0bb5af8ad3f3d044a
- SSDEEP: 12288:u3P/aK2vB+sPStDCf7O4TsH+mGadTSdZKKQWOs5NgsPjYc+igyjj6n4zaj:u/CKABBbpT0rdwQWOwN7PPpgyqn4zS
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 3696, Process alg.exe
- Drops file in System32 directory (2 IoCs)
  File opened for modification: C:\Windows\System32\alg.exe, Process ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
  File opened for modification: C:\Windows\system32\AppVClient.exe, Process ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeTakeOwnershipPrivilege, pid 3760, Process ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ae4ffdd6e3c5eb0b0f43e9207508a047b254d117b24779b29f882fd1ade8ad36.exe"
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  PID: 3760
- C:\Windows\System32\alg.exe
  Command line: C:\Windows\System32\alg.exe
  - Executes dropped EXE
  PID: 3696
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 661KB
- MD5: 70edfbb969e5bca212f3f31021cd3348
- SHA1: 6e1be6311e49936e5796107aa0a13b140d372d4d
- SHA256: 96f3237664ba485bc50b052fc93a2535e8f8e933712fbed9adc1d8764be66174
- SHA512: 447dbda1ea198dd4b5a1831eb24fa0882fba9cfd0f3921f627157567b1db9f3e88823d342565d1c8c4e87eb4167ac049560b96b01b073ae534e17f0220907e25