Analysis
  max time kernel: 125s
  max time network: 131s
  platform: windows10-2004_x64
  resource: win10v2004-20240704-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 09/07/2024, 13:00
Static task
  static1
    1 signatures

Behavioral task
  behavioral1
    Sample: 391cddba0168b0df25c6cafd19889470N.exe
    Resource: win7-20240704-en
    5 signatures, 150 seconds

Behavioral task
  behavioral2
    Sample: 391cddba0168b0df25c6cafd19889470N.exe
    Resource: win10v2004-20240704-en
    4 signatures, 150 seconds
General
  Target: 391cddba0168b0df25c6cafd19889470N.exe
  Size: 538KB
  MD5: 391cddba0168b0df25c6cafd19889470
  SHA1: bb76d9212c136b7156a5c0d3cc4a1a5501604876
  SHA256: 7603b1d992fbd634d84ef58e15285dfb4cb83066b240732dfc7740eb320b0f72
  SHA512: 8db1a3cac3732755d6ce461b382e9063e813ecd16b0d605afe6ce468d49d1ff9ba1afebbda4ce038c2d12ee34ce127c5ad00ba58533e4073510466f21d5eafbd
  SSDEEP: 12288:cytbV3kSoXaLnTosJGE0lsOjIAHqIlSe/DrOya:Hb5kSYaLTVJGBOOjI4EQDCya
  Score: 1/10
Malware Config
Signatures
  Runs ping.exe (1 TTPs, 1 IoCs)
    pid   Process
    2972  PING.EXE

  Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid   Process
    4344  391cddba0168b0df25c6cafd19889470N.exe
    4344  391cddba0168b0df25c6cafd19889470N.exe

  Suspicious use of AdjustPrivilegeToken (1 IoCs)
    description              pid   Process
    Token: SeDebugPrivilege  4344  391cddba0168b0df25c6cafd19889470N.exe

  Suspicious use of WriteProcessMemory (4 IoCs)
    description                        pid   Process                                procid_target
    PID 4344 wrote to memory of 3064   4344  391cddba0168b0df25c6cafd19889470N.exe  89
    PID 4344 wrote to memory of 3064   4344  391cddba0168b0df25c6cafd19889470N.exe  89
    PID 3064 wrote to memory of 2972   3064  cmd.exe                                91
    PID 3064 wrote to memory of 2972   3064  cmd.exe                                91
Processes
  C:\Users\Admin\AppData\Local\Temp\391cddba0168b0df25c6cafd19889470N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\391cddba0168b0df25c6cafd19889470N.exe"
    PID: 4344
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

    C:\Windows\SYSTEM32\cmd.exe
      Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\391cddba0168b0df25c6cafd19889470N.exe"
      PID: 3064
      - Suspicious use of WriteProcessMemory

      C:\Windows\system32\PING.EXE
        Command line: ping 1.1.1.1 -n 1 -w 6000
        PID: 2972
        - Runs ping.exe

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3904,i,12101950716832706950,8384629015980369538,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
    PID: 1144