Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/03/2024, 01:59
Static task: static1
Behavioral task: behavioral1
  Sample: ccd32c48e5e9f39f113174f607aa8ac7.lnk
  Resource: win7-20240221-en
  1 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: ccd32c48e5e9f39f113174f607aa8ac7.lnk
  Resource: win10v2004-20240226-en
  2 signatures, 150 seconds
General
Target: ccd32c48e5e9f39f113174f607aa8ac7.lnk
Size: 1KB
MD5: ccd32c48e5e9f39f113174f607aa8ac7
SHA1: 86dd7badeae434bbb460addd9d4619a3cd7c6c08
SHA256: 5214acfb828192ac3dcfd7ea2cab0ce6c433d8da3eee6a391af59755ecd4385a
SHA512: b299fe1fe40d41249b5f95214ce524707dff8daa182599c7b900015bf82e6c62f6523b3851b9f53ae7602fefc2585521eb167501519343cd27eee8b9b468cba8
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description                        pid   Process
  Token: SeManageVolumePrivilege     2668  svchost.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\ccd32c48e5e9f39f113174f607aa8ac7.lnk
  PID: 4924
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 2408
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 2668