Analysis
- max time kernel: 20s
- max time network: 17s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/08/2024, 16:05
Static task
- static1
- 1 signatures

Behavioral task
- behavioral1
- Sample: GrimDownloader.exe
- Resource: win10v2004-20240802-en
- 2 signatures
- 300 seconds
General
- Target: GrimDownloader.exe
- Size: 44.5MB
- MD5: 639a232494e2f3fa4e69db89fb9061a4
- SHA1: c9c4b71032e800e2e94ce5cf4a8023233cd8a466
- SHA256: 57e86c7ea9ed68ef5ae07c10b6755d086e0fd6f40f91e0d149e01fb7046c2648
- SHA512: da0a433fde9b06f2414a0c81482a388b2edf63e1ff75bf570ba6f638f27e2d8827edde622ca5840e32695dbb455d04b992d7af51f109268851c48ba98d951bf8
- SSDEEP: 786432:6naJK2VQxHX+wrWcisgQwldJ4i0nvc94IHnvBquI6TPJ1Jn84eTwDoVomBwo:6aMisgQa6PnvcGIHvBqujTP3Opw2om
- Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (42 IoCs)

  description                            pid   Process
  Token: SeIncreaseQuotaPrivilege        2192  WMIC.exe
  Token: SeSecurityPrivilege             2192  WMIC.exe
  Token: SeTakeOwnershipPrivilege        2192  WMIC.exe
  Token: SeLoadDriverPrivilege           2192  WMIC.exe
  Token: SeSystemProfilePrivilege        2192  WMIC.exe
  Token: SeSystemtimePrivilege           2192  WMIC.exe
  Token: SeProfSingleProcessPrivilege    2192  WMIC.exe
  Token: SeIncBasePriorityPrivilege      2192  WMIC.exe
  Token: SeCreatePagefilePrivilege       2192  WMIC.exe
  Token: SeBackupPrivilege               2192  WMIC.exe
  Token: SeRestorePrivilege              2192  WMIC.exe
  Token: SeShutdownPrivilege             2192  WMIC.exe
  Token: SeDebugPrivilege                2192  WMIC.exe
  Token: SeSystemEnvironmentPrivilege    2192  WMIC.exe
  Token: SeRemoteShutdownPrivilege       2192  WMIC.exe
  Token: SeUndockPrivilege               2192  WMIC.exe
  Token: SeManageVolumePrivilege         2192  WMIC.exe
  Token: 33                              2192  WMIC.exe
  Token: 34                              2192  WMIC.exe
  Token: 35                              2192  WMIC.exe
  Token: 36                              2192  WMIC.exe
  Token: SeIncreaseQuotaPrivilege        2192  WMIC.exe
  Token: SeSecurityPrivilege             2192  WMIC.exe
  Token: SeTakeOwnershipPrivilege        2192  WMIC.exe
  Token: SeLoadDriverPrivilege           2192  WMIC.exe
  Token: SeSystemProfilePrivilege        2192  WMIC.exe
  Token: SeSystemtimePrivilege           2192  WMIC.exe
  Token: SeProfSingleProcessPrivilege    2192  WMIC.exe
  Token: SeIncBasePriorityPrivilege      2192  WMIC.exe
  Token: SeCreatePagefilePrivilege       2192  WMIC.exe
  Token: SeBackupPrivilege               2192  WMIC.exe
  Token: SeRestorePrivilege              2192  WMIC.exe
  Token: SeShutdownPrivilege             2192  WMIC.exe
  Token: SeDebugPrivilege                2192  WMIC.exe
  Token: SeSystemEnvironmentPrivilege    2192  WMIC.exe
  Token: SeRemoteShutdownPrivilege       2192  WMIC.exe
  Token: SeUndockPrivilege               2192  WMIC.exe
  Token: SeManageVolumePrivilege         2192  WMIC.exe
  Token: 33                              2192  WMIC.exe
  Token: 34                              2192  WMIC.exe
  Token: 35                              2192  WMIC.exe
  Token: 36                              2192  WMIC.exe
- Suspicious use of WriteProcessMemory (4 IoCs)

  description                          pid   Process             procid_target
  PID 2256 wrote to memory of 4800     2256  GrimDownloader.exe  90
  PID 2256 wrote to memory of 4800     2256  GrimDownloader.exe  90
  PID 4800 wrote to memory of 2192     4800  cmd.exe             91
  PID 4800 wrote to memory of 2192     4800  cmd.exe             91
Processes
- C:\Users\Admin\AppData\Local\Temp\GrimDownloader.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\GrimDownloader.exe"
  PID: 2256
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe (depth 2)
    Command line: C:\Windows\system32\cmd.exe /c wmic csproduct get uuid
    PID: 4800
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\System32\Wbem\WMIC.exe (depth 3)
      Command line: wmic csproduct get uuid
      PID: 2192
      Signatures: Suspicious use of AdjustPrivilegeToken