Analysis
max time kernel: 91s
max time network: 94s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 08/05/2024, 16:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: Haze woofer.exe
Resource: win11-20240426-en
2 signatures
600 seconds
General
Target: Haze woofer.exe
Size: 48KB
MD5: 0b989cac59f9575163d5a9c9e2b26b33
SHA1: 3fe0a85cb7478f82b9a095c31097c718c30ac386
SHA256: ce2f6e266eab26c92b5451bbdaa069c4bf4a06e8f99be8da0cb29596ac168958
SHA512: f4b6a2b8c9fdbd48fabd5645885cf9552ec23cdd0d88e7202ebf62108a0fec86b3c4cb920c32f7ecd737451e863a94196e2809ebbb4b4bf3ce02512e9d1a4d55
SSDEEP: 768:TbTUiTSqQsP8hEvBBp2HUVWNoNbZwAoIsQrjPQXTH9tHUYc3qeU:/TVssP86v80VWKNb6AoIsWj4XTHrHPeU
Score: 4/10
Malware Config
Signatures
Drops file in Windows directory (1 IoC)
description: File created
ioc: C:\Windows\INF\.NET CLR Data\0000\nescher_2.exe
Process: Haze woofer.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege
pid: 828
Process: Haze woofer.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Haze woofer.exe
command line: "C:\Users\Admin\AppData\Local\Temp\Haze woofer.exe"
PID: 828
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
C:\Windows\System32\rundll32.exe
command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 1404