Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 21:42

General

  • Target

    c9afc2307527f4d3dba03d6aefe23a34.exe

  • Size

    19KB

  • MD5

    c9afc2307527f4d3dba03d6aefe23a34

  • SHA1

    85810fae5038f654f0197916b04e10ee1edd0a1f

  • SHA256

    34113824188c9b8a4b387ebe9c35dea25eeedf30a794a88f0c29b1ac3fc38f95

  • SHA512

    4778bd643c70d178f091b2a10db08f8fff009b85d237ce5ceb1b77a81e619d5e31c005e5ee36f02192a2285bc3d5d6f77fd5978cd557b2515e8da188ce11ff73

  • SSDEEP

    384:wVTg/B19SEvzMha3Fx9Q6KmeKLoexpHX+0dMTLTA5N4RNz:aTWHSELXI6ToqHOwvD4RNz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9afc2307527f4d3dba03d6aefe23a34.exe
    "C:\Users\Admin\AppData\Local\Temp\c9afc2307527f4d3dba03d6aefe23a34.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4064-0-0x0000000000D50000-0x0000000000D5C000-memory.dmp

    Filesize

    48KB

  • memory/4064-1-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

    Filesize

    32KB

  • memory/4064-2-0x00007FF9C7C00000-0x00007FF9C86C1000-memory.dmp

    Filesize

    10.8MB

  • memory/4064-3-0x000000001B850000-0x000000001B860000-memory.dmp

    Filesize

    64KB

  • memory/4064-4-0x00007FF9C7C00000-0x00007FF9C86C1000-memory.dmp

    Filesize

    10.8MB