Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/03/2024, 21:42
Static task: static1
Behavioral task: behavioral1
  Sample: c9afc2307527f4d3dba03d6aefe23a34.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c9afc2307527f4d3dba03d6aefe23a34.exe
  Resource: win10v2004-20240226-en
General
Target: c9afc2307527f4d3dba03d6aefe23a34.exe
Size: 19KB
MD5: c9afc2307527f4d3dba03d6aefe23a34
SHA1: 85810fae5038f654f0197916b04e10ee1edd0a1f
SHA256: 34113824188c9b8a4b387ebe9c35dea25eeedf30a794a88f0c29b1ac3fc38f95
SHA512: 4778bd643c70d178f091b2a10db08f8fff009b85d237ce5ceb1b77a81e619d5e31c005e5ee36f02192a2285bc3d5d6f77fd5978cd557b2515e8da188ce11ff73
SSDEEP: 384:wVTg/B19SEvzMha3Fx9Q6KmeKLoexpHX+0dMTLTA5N4RNz:aTWHSELXI6ToqHOwvD4RNz
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 4064, process c9afc2307527f4d3dba03d6aefe23a34.exe (all 64 IoCs list this same pid and process)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid 4064, process c9afc2307527f4d3dba03d6aefe23a34.exe
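The three signatures above are derived from hooked API calls: repeated process enumeration, an AdjustTokenPrivileges call that enables SeDebugPrivilege (the usual prelude to opening other processes), and handles opened on raw disk or optical device objects. The block below is an added example of how such a signature engine works, not tria.ge's code: it evaluates toy versions of the three rules over a constructed API trace for pid 4064. The API names it matches, the enumeration threshold, and the trace itself are assumptions for illustration; the page does not publish tria.ge's hooks, thresholds or field names.

```python
"""Toy sandbox signature engine (added example, not tria.ge's implementation).

Reproduces the three behaviour signatures from this report over a constructed
API-call trace.  API names, the enumeration threshold and the trace are
assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass

SAMPLE = "c9afc2307527f4d3dba03d6aefe23a34.exe"


@dataclass(frozen=True)
class ApiCall:
    pid: int
    process: str
    api: str
    args: dict


def build_trace():
    """Constructed trace standing in for what an API monitor would record."""
    p = SAMPLE
    trace = [
        ApiCall(4064, p, "OpenProcessToken", {"access": "TOKEN_ADJUST_PRIVILEGES"}),
        ApiCall(4064, p, "LookupPrivilegeValueW", {"name": "SeDebugPrivilege"}),
        ApiCall(4064, p, "AdjustTokenPrivileges",
                {"privileges": ["SeDebugPrivilege"], "attributes": "SE_PRIVILEGE_ENABLED"}),
        ApiCall(4064, p, "CreateToolhelp32Snapshot", {"flags": "TH32CS_SNAPPROCESS"}),
    ]
    # Walking the snapshot: one Process32NextW call per process on the box.
    trace += [ApiCall(4064, p, "Process32NextW", {}) for _ in range(63)]
    trace += [
        ApiCall(4064, p, "CreateFileW", {"path": r"\\.\PhysicalDrive0"}),
        ApiCall(4064, p, "CreateFileW", {"path": r"\\.\CdRom0"}),
        # Benign noise from another process: a short enumeration, below threshold.
        ApiCall(1812, "explorer.exe", "CreateToolhelp32Snapshot", {"flags": "TH32CS_SNAPPROCESS"}),
        ApiCall(1812, "explorer.exe", "Process32NextW", {}),
        ApiCall(1812, "explorer.exe", "Process32NextW", {}),
    ]
    return trace


PROCESS_ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                     "EnumProcesses", "NtQuerySystemInformation"}
RAW_DEVICE_PREFIXES = (r"\\.\PhysicalDrive", r"\\.\CdRom", r"\\.\Scsi")


@dataclass
class Hit:
    name: str
    iocs: list  # (pid, process, detail) tuples, one per IoC as the report counts them


def sig_enumerates_processes(trace, threshold=16):
    """Fire once one process has made `threshold` or more enumeration calls.

    The threshold is an assumption; it stops a single snapshot from matching.
    """
    per_pid = defaultdict(list)
    for c in trace:
        if c.api in PROCESS_ENUM_APIS:
            per_pid[c.pid].append((c.pid, c.process, c.api))
    iocs = [ioc for calls in per_pid.values() if len(calls) >= threshold for ioc in calls]
    return Hit("Suspicious behavior: EnumeratesProcesses", iocs) if iocs else None


def sig_adjust_privilege_token(trace, watched=("SeDebugPrivilege",)):
    """Fire on AdjustTokenPrivileges that enables (not removes) a watched privilege."""
    iocs = []
    for c in trace:
        if c.api != "AdjustTokenPrivileges" or c.args.get("attributes") != "SE_PRIVILEGE_ENABLED":
            continue
        for priv in c.args.get("privileges", []):
            if priv in watched:
                iocs.append((c.pid, c.process, f"Token: {priv}"))
    return Hit("Suspicious use of AdjustPrivilegeToken", iocs) if iocs else None


def sig_enumerates_physical_storage(trace):
    """Fire on handles opened to raw disk or optical device objects."""
    iocs = []
    for c in trace:
        if c.api in ("CreateFileW", "CreateFileA", "NtCreateFile"):
            path = c.args.get("path", "")
            if path.startswith(RAW_DEVICE_PREFIXES):
                iocs.append((c.pid, c.process, path))
    return Hit("Enumerates physical storage devices", iocs) if iocs else None


SIGNATURES = (sig_enumerates_physical_storage, sig_enumerates_processes,
              sig_adjust_privilege_token)


def run_signatures(trace):
    """Evaluate every signature and return the hits in report order."""
    return [hit for hit in (sig(trace) for sig in SIGNATURES) if hit is not None]


if __name__ == "__main__":
    for hit in run_signatures(build_trace()):
        print(f"{hit.name} ({len(hit.iocs)} IoCs)")
        for pid, proc, detail in hit.iocs[:3]:
            print(f"  pid {pid} {proc}: {detail}")
```

Two design points carry over to real detection work: the token rule keys on the enable bit, since software routinely calls AdjustTokenPrivileges to drop rights, and the enumeration rule counts per pid so a single benign snapshot from explorer.exe does not fire. The report's storage signature is counted as a TTP rather than an IoC list, so the per-path IoCs this toy returns for it are an assumption.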