Analysis
max time kernel: 1791s
max time network: 1178s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/04/2024, 03:17
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: SecurityCheck.exe
Resource: win10v2004-20240412-en
5 signatures, 1800 seconds
General
Target: SecurityCheck.exe
Size: 24KB
MD5: d9038b19ef4aea05213e2f3e02745933
SHA1: 92c769ce298351984a8aa2eb5a81c1beebc23ec0
SHA256: 4062963405cc71c032ca51ffd409e832120fcfd496969f4ef548774323c72413
SHA512: 38e6c50f0595546a62456be138c24154684e64896766c3242ef4213500db588ebc3d417c5e699426338d66c09db2040bb4ed360eb6a151d3c44a2c03730b0fd6
SSDEEP: 384:9zVTmdANsJOZ6qx0fOZrmi/jxXToAYhLzMhV3TECW:nXWg70G3r1DY4VvW
Score: 1/10
Malware Config
Signatures
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description        ioc                                                                                                                                              Process
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000                                                 taskmgr.exe
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A   taskmgr.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName                                    taskmgr.exe
Suspicious behavior: EnumeratesProcesses (11 IoCs)
pid   Process
688   taskmgr.exe (11 identical entries)
Suspicious use of AdjustPrivilegeToken (5 IoCs)
description                         pid   Process
Token: SeDebugPrivilege             688   taskmgr.exe
Token: SeSystemProfilePrivilege     688   taskmgr.exe
Token: SeCreateGlobalPrivilege      688   taskmgr.exe
Token: 33                           688   taskmgr.exe
Token: SeIncBasePriorityPrivilege   688   taskmgr.exe
Suspicious use of FindShellTrayWindow (36 IoCs)
pid   Process
688   taskmgr.exe (36 identical entries)
Suspicious use of SendNotifyMessage (36 IoCs)
pid   Process
688   taskmgr.exe (36 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\SecurityCheck.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\SecurityCheck.exe"
  PID: 4092
C:\Windows\system32\taskmgr.exe
  command line: "C:\Windows\system32\taskmgr.exe" /0
  signatures:
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 688