Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

dllhost.exe

windows10-2004-x64

1

dllhst3g.exe

windows10-2004-x64

1

dmcertinst.exe

windows10-2004-x64

1

dmcfghost.exe

windows10-2004-x64

1

dmclient.exe

windows10-2004-x64

1

dnscacheugc.exe

windows10-2004-x64

4

doskey.exe

windows10-2004-x64

1

dpapimig.exe

windows10-2004-x64

1

dpnsvr.dll

windows10-2004-x64

1

driverquery.exe

windows10-2004-x64

1

drvinst.exe

windows10-2004-x64

1

ntprint.exe

windows10-2004-x64

1

nvspinfo.exe

windows10-2004-x64

1

odbcad32.exe

windows10-2004-x64

1

odbcconf.exe

windows10-2004-x64

1

ofdeploy.exe

windows10-2004-x64

1

omadmclient.exe

windows10-2004-x64

1

omadmprc.exe

windows10-2004-x64

1

openfiles.exe

windows10-2004-x64

1

osk.exe

windows10-2004-x64

3

pacjsworker.exe

windows10-2004-x64

1

pcalua.exe

windows10-2004-x64

1

pcaui.exe

windows10-2004-x64

1

pcwrun.exe

windows10-2004-x64

1

perfmon.exe

windows10-2004-x64

1

phoneactivate.exe

windows10-2004-x64

1

plasrv.exe

windows10-2004-x64

1

pnputil.exe

windows10-2004-x64

1

pospaymentsworker.exe

windows10-2004-x64

1

powercfg.exe

windows10-2004-x64

6

prevhost.exe

windows10-2004-x64

1

print.exe

windows10-2004-x64

1

Resubmissions

09/07/2024, 13:39

240709-qydwdayanf 7

09/07/2024, 07:52

240709-jqdr3swdle 6

09/07/2024, 06:42

240709-hgkzcs1bjl 5

09/07/2024, 06:34

240709-hb2d6azhjn 3

09/07/2024, 05:47

240709-ggxgqa1crh 4

Analysis

  • max time kernel
    78s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240708-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 07:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    powercfg.exe

  • Size

    116KB

  • MD5

    5ec8e8f2994af3fde376d4c19ed979bb

  • SHA1

    b902a24582a7330eb6e75131e71452bee927b845

  • SHA256

    0b115b47d3ed8b00e97138afbae094db8cfee6e108d301fbb090368aefbb68be

  • SHA512

    37c440008b0baad0e4f1bf5b8eb608cdc2c0626f972ec6ad5921d135009fecafbb4714fa5d17669e6b1f50e6407082214b3a95cae45d936be07174dc42a70f17

  • SSDEEP

    1536:0jcdiI1HJ5eXTwY7NHxAw81iMuuZl8sVRByoI3QwjHkGb6mzNM+mM4MmkVNi+O:0ZCr6NOw81iMuussrQoVGbBRrmMD2

Score
6/10
persistence

Malware Config

Signatures

  • Power Settings 1 TTPs 1 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\powercfg.exe
    "C:\Users\Admin\AppData\Local\Temp\powercfg.exe"
    1⤵
    • Power Settings
    PID:1008
  • C:\Windows\System32\Upfc.exe
    C:\Windows\System32\Upfc.exe /launchtype periodic /cv cgeSIQ8pekCsulAaNaozIw.0
    1⤵
      PID:4480

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads