Analysis
max time kernel: 120s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 04/06/2024, 11:22
Static task: static1
Behavioral task: behavioral1
  Sample: AteraAgent.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: AteraAgent.exe
  Resource: win10-20240404-en
Behavioral task: behavioral3
  Sample: AteraAgent.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral4
  Sample: AteraAgent.exe
  Resource: win11-20240426-en
General
Target: AteraAgent.exe
Size: 142KB
MD5: 477293f80461713d51a98a24023d45e8
SHA1: e9aa4e6c514ee951665a7cd6f0b4a4c49146241d
SHA256: a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2
SHA512: 23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f
SSDEEP: 3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1368 | AteraAgent.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1368 wrote to memory of 3004 | 1368 | AteraAgent.exe | 28
  PID 1368 wrote to memory of 3004 | 1368 | AteraAgent.exe | 28
  PID 1368 wrote to memory of 3004 | 1368 | AteraAgent.exe | 28