Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 28/05/2024, 18:36
Static task: static1
Behavioral task: behavioral1
- Sample: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
- Resource: win10v2004-20240508-en
General
- Target: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
- Size: 5.7MB
- MD5: f4ab1f3cd0b25046a92f9a5e3ee685c8
- SHA1: bad6466cf662a305665ac3dc83e346f809f25d76
- SHA256: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5
- SHA512: c23894c7566ceeff1107f05d296ddebf980eb36cc2862fac992d3f0166e73775bac2aaa1a5d6ea96f676c6cb21baa56b23d3dc52f131870acb7515b5ca963705
- SSDEEP: 98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmYkV2:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85S
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoC)
  description: Key opened
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions
  Process: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid: 2972
  Process: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
  (12 entries, all with the same pid and process)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description: Token: SeShutdownPrivilege
  pid: 2972
  Process: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
  (3 entries, all with the same token, pid and process)
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 2972
  Process: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid: 2972
  Process: aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
Processes
- Process: C:\Users\Admin\AppData\Local\Temp\aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\aead5f8a50a452f64f8dc540ae9b1c6d3457479196e4d59f5bb2fceaf6a617e5.exe"
  PID: 2972
  - Looks for VirtualBox Guest Additions in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 9KB
  MD5: 78b7d7b736ea57e157fe33d62c299818
  SHA1: ad5edf44f99556ece2c42b75820f85f3bcb99a86
  SHA256: 96b579d317099c8a1a8e572b6d22dd426991ba2873789196c144a2cf3e3aa12b
  SHA512: 3c457acc8fb446ae6a7ffe44c12adbb03780fa25751c9e66137b207b00be774fc100b80d896049250828b298a39875235fff241d4ec364dcfce43a241782d1b1