Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/03/2024, 03:10
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: ba5e120b64d88a8a27ee41a45ed5bab9.exe
Resource: win7-20240221-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample: ba5e120b64d88a8a27ee41a45ed5bab9.exe
Resource: win10v2004-20240226-en
3 signatures
150 seconds
General
Target: ba5e120b64d88a8a27ee41a45ed5bab9.exe
Size: 91KB
MD5: ba5e120b64d88a8a27ee41a45ed5bab9
SHA1: 9b2e4962572a0067db68a10e2c537f743683d547
SHA256: 5db15b605f6fef05c5ff16a5a293ee2d633dabbc9608e062213805ddd7e5428d
SHA512: b846a8b015c28ed942be3e8ca6b9596eb96c8391ba6606384e6e60397ccff8ab634e11129a35deecc00ad734a1bf3b04ddcd076dd0a3703305b0df2e1d88d06b
SSDEEP: 1536:/48MMDo0GsIQFa/lrmsJsi8RbqTapBzCtiQNhDZ6gvZlG4S5x3K4FvRCDZYP5SJO:Q8MF8axJf8FqupBuThcFKEoDuRST8SC
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 2172 set thread context of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe
Suspicious use of WriteProcessMemory 9 IoCs
description | pid | Process | procid_target
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
PID 2172 wrote to memory of 2492 | 2172 | ba5e120b64d88a8a27ee41a45ed5bab9.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\ba5e120b64d88a8a27ee41a45ed5bab9.exe
   "C:\Users\Admin\AppData\Local\Temp\ba5e120b64d88a8a27ee41a45ed5bab9.exe"
   PID: 2172
   - Suspicious use of SetThreadContext
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\ba5e120b64d88a8a27ee41a45ed5bab9.exe
   C:\Users\Admin\AppData\Local\Temp\ba5e120b64d88a8a27ee41a45ed5bab9.exe
   PID: 2492