Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
22s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
01/06/2024, 18:52
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
AutoClicker-3.0.exe
Resource
win7-20240508-en
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
AutoClicker-3.0.exe
Resource
win10v2004-20240508-en
18 signatures
150 seconds
General
-
Target
AutoClicker-3.0.exe
-
Size
844KB
-
MD5
7ecfc8cd7455dd9998f7dad88f2a8a9d
-
SHA1
1751d9389adb1e7187afa4938a3559e58739dce6
-
SHA256
2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
-
SHA512
cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
-
SSDEEP
12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
pid Process 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 1856 AutoClicker-3.0.exe 2572 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2572 taskmgr.exe -
Suspicious use of FindShellTrayWindow 23 IoCs
pid Process 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe -
Suspicious use of SendNotifyMessage 23 IoCs
pid Process 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe 2572 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1856
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2572