Analysis
max time kernel: 137s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2024, 16:25
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: Selenium.exe
Resource: win7-20240704-en
7 signatures, 150 seconds

Behavioral task
behavioral2
Sample: Selenium.exe
Resource: win10v2004-20240802-en
6 signatures, 150 seconds
General
Target: Selenium.exe
Size: 13KB
MD5: 068c7a3563810d19a13f39ccc38772a3
SHA1: 08ebc997f069c8c0389a7388d682ef1f67b1ad73
SHA256: 272ca33f654384f60c3b85e10bbc42e28040b91f5afad104aac3f664f89224c1
SHA512: ae9dfe621bd6cd014b0137a3613c2a49b083e5c56a7e01dd958d3e9642e6e5094c4ee41494111c7ac381e9fb939e79edef6727564743b3eb3fb53a32973d8fd9
SSDEEP: 384:s7/1TebgAciVU6c35z1R5Mq3/Vs8QbTf6Q:sT1TeR05xFCbTff
Score: 8/10
Malware Config
Signatures

Downloads MZ/PE file

Suspicious use of SetThreadContext (1 IoCs)
description                          pid   Process       procid_target
PID 2948 set thread context of 1604  2948  Selenium.exe  94

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
3632  1604        WerFault.exe  94

System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                           Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Selenium.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  RegAsm.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description              pid   Process
Token: SeDebugPrivilege  2948  Selenium.exe

Suspicious use of WriteProcessMemory (9 IoCs)
description                       pid   Process       procid_target
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
PID 2948 wrote to memory of 1604  2948  Selenium.exe  94
Processes
(indentation shows parent/child relationship)

Selenium.exe (PID 2948)
  Path: C:\Users\Admin\AppData\Local\Temp\Selenium.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Selenium.exe"
  Signatures:
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  RegAsm.exe (PID 1604)
    Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    Command line: "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
    Signatures:
    - System Location Discovery: System Language Discovery

    WerFault.exe (PID 3632)
      Path: C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 552
      Signatures:
      - Program crash

WerFault.exe (PID 1016)
  Path: C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1604 -ip 1604

msedge.exe (PID 4004)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4612,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8