Analysis
- max time kernel: 18s
- max time network: 19s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/09/2024, 15:26
Behavioral task: behavioral1
- Sample: Kopx_Perm.exe
- Resource: win10v2004-20240802-en
- 5 signatures
- 150 seconds
General
- Target: Kopx_Perm.exe
- Size: 5.5MB
- MD5: cd04c6b2aa6c3db3afe23710f77744ce
- SHA1: fa9a6c7aa03369b78d7495828e1e8c2f1f6d2017
- SHA256: c1bdfe41a13815c0ecbe8ccf4000704ccb245bbfc47ef2f2123ecd873a7257c5
- SHA512: 9ea38d6c146eb3487dd36234211fae80936ea6135d402ce032f50429c0a0fc3b48f0f627f0fc95fe5c3612b8d84bf4bfe8def00fb878d15bdbb738cba7507eda
- SSDEEP: 49152:MWFnhVOoUFnhVSr9JkzvkjXa+FnhVSr9JkzvkjXabsBFnhVKTTFBySg6etzcwp86:MfyrkzgXyrkzgX9orG8farR1
- Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | taskmgr.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  224 | taskmgr.exe (10 identical entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 224 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 224 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 224 | taskmgr.exe
- Suspicious use of FindShellTrayWindow (21 IoCs)
  pid | Process
  224 | taskmgr.exe (21 identical entries)
- Suspicious use of SendNotifyMessage (21 IoCs)
  pid | Process
  224 | taskmgr.exe (21 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\Kopx_Perm.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Kopx_Perm.exe"
  PID: 3252
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 224
  Signatures triggered:
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage