Resubmissions
14/07/2024, 08:16   240714-j6aelavgkf   3
28/03/2024, 15:44   240328-s6f2tahh81   3
15/02/2024, 03:14   240215-drq6xafb7s   6
05/02/2024, 16:35   240205-t3whrsebaq   3
05/02/2024, 16:32   240205-t17g9aeagl   3
08/12/2023, 22:35   231208-2hv1haegb3   3
31/10/2023, 16:20   231031-ttf2qaba4t   10
24/10/2023, 18:54   231024-xkm1fsgg8z   10
20/09/2023, 14:18   230920-rl8qnagg4s   10
23/08/2023, 22:11   230823-139hyshd3w   10

Analysis
max time kernel: 66s
max time network: 64s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28/03/2024, 15:44
Static task: static1

Behavioral task: behavioral1
Sample: dl2.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: dl2.exe
Resource: macos-20240214-en
General
Target: dl2.exe
Size: 849KB
MD5: c2055b7fbaa041d9f68b9d5df9b45edd
SHA1: e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
SHA256: 342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
SHA512: 18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
SSDEEP: 12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid / Process: 2016 taskmgr.exe (20 events)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid / Process: 2016 taskmgr.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
description / pid / Process: Token: SeDebugPrivilege, 2016 taskmgr.exe

Suspicious use of FindShellTrayWindow (42 IoCs)
pid / Process: 2016 taskmgr.exe (42 events)

Suspicious use of SendNotifyMessage (42 IoCs)
pid / Process: 2016 taskmgr.exe (42 events)

Suspicious use of SetWindowsHookEx (2 IoCs)
pid / Process: 1312 dl2.exe; 2508 dl2.exe
Processes
C:\Users\Admin\AppData\Local\Temp\dl2.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\dl2.exe"
PID: 1312
Signatures: Suspicious use of SetWindowsHookEx

C:\Users\Admin\AppData\Local\Temp\dl2.exe
Command line: C:\Users\Admin\AppData\Local\Temp\dl2.exe {5F593D2A-713E-410F-A727-79C307851412}
PID: 2508
Signatures: Suspicious use of SetWindowsHookEx

C:\Windows\explorer.exe
Command line: "C:\Windows\explorer.exe"
PID: 2548

C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
PID: 2016
Signatures:
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage