Analysis

  max time kernel    132s
  max time network   137s
  platform           windows10-1703_x64
  resource           win10-20240404-en
  resource tags      arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  submitted          10/07/2024, 09:29
Static task
  static1: 1 signature

Behavioral task
  behavioral1
    Sample        Unbranded.exe
    Resource      win10-20240404-en
    Signatures    6
    Run time      150 seconds
General

  Target    Unbranded.exe
  Size      13.7MB
  MD5       451983ef5503c1807a6b1ae6e17f4d92
  SHA1      da4e4d6646dc4d18c1d20fd2765cbeec25c31fd0
  SHA256    94540e83284273a1d7c1991f7d56622eeb9c4c5d1f68fe04487331bd1b0c9aa7
  SHA512    c6e2562416c9f58834a31e6662b087133d13abb111cf72da972c4c0d54f9ca581ac8eb6d21378bb2d37d93e7c87e7433df4897ad7c3854dd354cc7ad6ec6f497
  SSDEEP    196608:UbI2JqekYVKyyncSjDbWWdZwwwtEUyW3dDzGk8zwdvm5ZiCRAKpMADDlHlKS:UpLknyynFfyOwXlb3dDzGBwJmAAlD
  Score     4/10
Malware Config
  none extracted for this sample
Signatures

All six behavioral signatures below are attributed to taskmgr.exe (PID 96). In the process tree it is listed next to Unbranded.exe (PID 4136) as a second top-level entry, not as a child of the sample, so none of these IoCs is evidence of behavior by the submitted file itself. Reading the disk's FriendlyName from the SCSI enumeration key is consistent with Task Manager populating its Performance view; treat these hits as analysis-VM background unless a parent/child link to the sample can be established.

- Drops file in Windows directory (2 IoCs)
    description   ioc                                                      process
    File created  C:\Windows\rescache\_merged\4183903823\2290032291.pri    taskmgr.exe
    File created  C:\Windows\rescache\_merged\1601268389\715946058.pri     taskmgr.exe

- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
    SCSI information is often read in order to detect sandboxing environments. The key path itself carries the hypervisor identity (Ven_QEMU, Prod_HARDDISK); that vendor/product string is what a VM check compares against a list of known hypervisors.
    description         ioc                                                                                                                                        process
    Key opened          \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000                                            taskmgr.exe
    Key opened          \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A    taskmgr.exe
    Key value queried   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName                               taskmgr.exe

- Suspicious behavior: EnumeratesProcesses (7 IoCs)
    pid   process
    96    taskmgr.exe   (7 occurrences)

- Suspicious use of AdjustPrivilegeToken (5 IoCs)
    description                         pid   process
    Token: SeDebugPrivilege             96    taskmgr.exe
    Token: SeSystemProfilePrivilege     96    taskmgr.exe
    Token: SeCreateGlobalPrivilege      96    taskmgr.exe
    Token: 33                           96    taskmgr.exe
    Token: SeIncBasePriorityPrivilege   96    taskmgr.exe
    "Token: 33" is a privilege LUID the sandbox did not map to a name; winnt.h assigns value 33 to SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege).

- Suspicious use of FindShellTrayWindow (33 IoCs)
    pid   process
    96    taskmgr.exe   (33 occurrences)

- Suspicious use of SendNotifyMessage (33 IoCs)
    pid   process
    96    taskmgr.exe   (33 occurrences)
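The SCSI signature above says why the key is interesting but not how to decide whether a given hit matters. The following Python is an added example written for this page (it is not tria.ge code and not part of the report). It reconstructs the three SCSI IoCs and the two-process tree from this report and answers the two questions a reviewer asks first: which hypervisor the key path names (the Ven_/Prod_ tokens), and whether the reading process is the sample or a descendant of it. The vendor-token table is an illustrative assumption, the parent links (ppid None for both processes) are an assumption encoding the report's two top-level entries, and CONTRAST_IOCS is a constructed case that does not appear in the report.

```python
"""Triage helper for a 'Checks SCSI registry key(s)' sandbox signature.

Added example for this report, not tria.ge code. For each SCSI IoC it reports
  1. the hypervisor named by the Ven_/Prod_ tokens in the key path, and
  2. whether the reading process is the sample or one of its descendants.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Vendor strings hypervisors expose in HKLM\SYSTEM\...\Enum\SCSI device IDs.
# Illustrative mapping (assumption), not an exhaustive list.
VM_VENDOR_TOKENS = {
    "QEMU": "QEMU/KVM",
    "VBOX": "VirtualBox",
    "VMWARE": "VMware",
    "VIRTUAL": "Hyper-V / Virtual PC",  # e.g. "Msft Virtual Disk"
    "XEN": "Xen",
}

# Matches ...\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\... and captures both tokens.
SCSI_ENUM_RE = re.compile(
    r"\\Enum\\SCSI\\[^\\]*?&Ven_(?P<ven>[^&\\]*)&Prod_(?P<prod>[^&\\]*)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Ioc:
    description: str  # "Key opened" / "Key value queried"
    path: str
    process: str
    pid: int


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    ppid: Optional[int]  # None = top-level entry in the process tree


def scsi_vendor(path: str) -> Optional[Tuple[str, str]]:
    """Return (Ven_ token, Prod_ token) if `path` is a SCSI Enum key, else None."""
    m = SCSI_ENUM_RE.search(path)
    return (m.group("ven"), m.group("prod")) if m else None


def hypervisor_for(vendor: str) -> Optional[str]:
    """Map a Ven_ token to a hypervisor family; None if it is not a known VM string."""
    upper = vendor.upper()
    for token, family in VM_VENDOR_TOKENS.items():
        if token in upper:
            return family
    return None


def descends_from(pid: int, ancestor_pid: int, tree: Dict[int, Proc]) -> bool:
    """True if `pid` is `ancestor_pid` or a descendant of it (walks ppid links)."""
    seen = set()
    cur: Optional[int] = pid
    while cur is not None and cur not in seen:  # `seen` guards against ppid cycles
        if cur == ancestor_pid:
            return True
        seen.add(cur)
        proc = tree.get(cur)
        cur = proc.ppid if proc else None
    return False


def triage(iocs: List[Ioc], tree: Dict[int, Proc], sample_pid: int) -> List[dict]:
    """For each SCSI IoC: which hypervisor it names and whether the sample did it."""
    findings = []
    for ioc in iocs:
        tokens = scsi_vendor(ioc.path)
        if tokens is None:
            continue  # not a SCSI Enum key; outside this signature's scope
        ven, prod = tokens
        findings.append({
            "description": ioc.description,
            "pid": ioc.pid,
            "process": ioc.process,
            "vendor": ven,
            "product": prod,
            "hypervisor": hypervisor_for(ven),
            "attributable_to_sample": descends_from(ioc.pid, sample_pid, tree),
        })
    return findings


# --- Data reconstructed from the report above --------------------------------
SAMPLE_PID = 4136
PROCESS_TREE = {  # both at depth 1; the report shows no parent/child link (assumption: ppid None)
    4136: Proc(4136, r"C:\Users\Admin\AppData\Local\Temp\Unbranded.exe", None),
    96: Proc(96, r"C:\Windows\system32\taskmgr.exe", None),
}
SCSI_KEY = (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"
            r"\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000")
REPORT_IOCS = [
    Ioc("Key opened", SCSI_KEY, "taskmgr.exe", 96),
    Ioc("Key opened", SCSI_KEY + r"\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A",
        "taskmgr.exe", 96),
    Ioc("Key value queried", SCSI_KEY + r"\FriendlyName", "taskmgr.exe", 96),
]
# Constructed contrast case (not in the report): the same read issued by the sample itself.
CONTRAST_IOCS = [Ioc("Key value queried", SCSI_KEY + r"\FriendlyName", "Unbranded.exe", 4136)]

if __name__ == "__main__":
    for finding in triage(REPORT_IOCS, PROCESS_TREE, SAMPLE_PID):
        print(finding)
```

Run against the report's data, every finding names QEMU/KVM and none is attributable to the sample; the constructed contrast IoC shows the same read flagged as attributable once the acting PID is the sample's. On a report where the sandbox does print parent PIDs, fill in `ppid` from the tree so the descendant walk is exact rather than assumed.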
Processes

- C:\Users\Admin\AppData\Local\Temp\Unbranded.exe
    command line   "C:\Users\Admin\AppData\Local\Temp\Unbranded.exe"
    depth          1
    PID            4136
    signatures     none

- C:\Windows\system32\taskmgr.exe
    command line   "C:\Windows\system32\taskmgr.exe" /7
    depth          1
    PID            96
    signatures
      - Drops file in Windows directory
      - Checks SCSI registry key(s)
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage