Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
95s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
18/08/2024, 21:56
Static task
static1
Behavioral task
behavioral1
Sample
screencapture-chatgpt-2024-08-18-12_20_33-2.png
Resource
win11-20240802-en
windows11-21h2-x64
6 signatures
150 seconds
General
-
Target
screencapture-chatgpt-2024-08-18-12_20_33-2.png
-
Size
2.7MB
-
MD5
fc334642afa9b09c656c1e0c7f0ec95a
-
SHA1
328b92a2e47beaa10c93c518ceb86ef40bcc1a35
-
SHA256
85a6005f97166a73e0c63673c541a5da5db97f3b11cdedb144179aa25556d7e5
-
SHA512
c0bc7bc46ad16b0e00b6e4fcb9ab7a526d847ff769560a2ea800f663c01939a7c8484c57588d937c6189bfe3e7b28e2a4be54c4ca42311fdd35556bc95bb0159
-
SSDEEP
49152:UtFWcfE26b0+T0vfljzCd+S4rA9p57eFu44qzpGQu:WgcfEPb0QUljzYP4dza
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 2216 taskmgr.exe Token: SeSystemProfilePrivilege 2216 taskmgr.exe Token: SeCreateGlobalPrivilege 2216 taskmgr.exe Token: 33 2216 taskmgr.exe Token: SeIncBasePriorityPrivilege 2216 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe 2216 taskmgr.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\screencapture-chatgpt-2024-08-18-12_20_33-2.png1⤵PID:1700
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2216