Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/03/2024, 22:07
Static task: static1
Behavioral task: behavioral1
Sample: Disk1.exe
Resource: win10v2004-20240226-en
6 signatures, 150 seconds
General
Target: Disk1.exe
Size: 228KB
MD5: 4d867033b27c8a603de4885b449c4923
SHA1: f1ace1a241bab6efb3c7059a68b6e9bbe258da83
SHA256: 22a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3
SHA512: b5d6d4a58d8780a43e69964f80525905224fa020c0032e637cd25557097e331f63d156cceaaacfe1a692ca8cea8d8bd1b219468b6b8e4827c90febe1535a5702
SSDEEP: 3072:OgfbRmDIHA98kK2WndTslNac+dA6YdqhsXCNZpp4GIoHZUFozD3zgJwDmr9u76v9:OSCgkKdcg9vCoaoMpcto
Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  2976 | taskmgr.exe (identical entry repeated 64 times)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2976 | taskmgr.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2976 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 2976 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 2976 | taskmgr.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | Process
  2976 | taskmgr.exe (identical entry repeated 64 times)
- Suspicious use of SendNotifyMessage (64 IoCs)
  pid | Process
  2976 | taskmgr.exe (identical entry repeated 64 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\Disk1.exe (PID: 896)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Disk1.exe"
- C:\Windows\system32\taskmgr.exe (PID: 2976)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures:
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage