Analysis
max time kernel: 150s
max time network: 106s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/06/2024, 14:10
Static task: static1
Behavioral task: behavioral1
  Sample: 827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68.exe
  Resource: win10v2004-20240508-en
General
Target: 827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68.exe
Size: 46KB
MD5: 1b82eb8b48597cb146a11fb5435a5981
SHA1: ec8c2e0efd66122d1018dc9e154b8cbbabac7a50
SHA256: 827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68
SHA512: 77f8e89d90ac25c514e52ce4771295567d0304d72ca141b441f49aca8137d834b8897f988bdffecf3110b82bc614b2351d2225c2d4c2cb172ac245915b32e118
SSDEEP: 768:pazJB5Som+D7lVgZKoyyeIcSBNy5Tg+CjSexGBIR18kxa2234hWEB:paFBjm47XgZKoy5IcEMg+atxGyHe+
Malware Config
Signatures
-
Modifies data under HKEY_USERS (15 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Suspicious behavior: LoadsDriver (64 IoCs)
Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
4720 | LogonUI.exe
Processes
C:\Users\Admin\AppData\Local\Temp\827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\827d491604ddc96f9e6f7e5b79e10f9765bf680c11e38f57339e28822c40de68.exe"
  PID: 3924

C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x0 /state0:0xa398d055 /state1:0x41c64e6d
  Signatures: Modifies data under HKEY_USERS; Suspicious use of SetWindowsHookEx
  PID: 4720