Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 152s
- max time network: 20s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 12/09/2024, 13:48
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  Sample: CustomNotepad.exe
  Resource: win7-20240903-en
  3 signatures, 300 seconds

Behavioral task
- behavioral2
  Sample: CustomNotepad.exe
  Resource: win10-20240611-en
  3 signatures, 300 seconds
General
- Target: CustomNotepad.exe
- Size: 141.6MB
- MD5: fafaaf268fbb8cf5571920aa23ffa4b0
- SHA1: 8f1a6d613bb1ffd219e5380e66c5d5349cd1cd88
- SHA256: 308473be2e81182d3b01ac9fb9d12168b25397186ae6c325702953728e1f52ec
- SHA512: 6c7aba16bf44f8fff2f554c181630e294c22c72e69a390f8c8a4383e6eebb0164481a63aa36123244abecffc6e8026b8cd99b7c956e9760f6c4bf1c935b553db
- SSDEEP: 786432:NW2CUJfgreBVNrPVsWN3KPqiVZb6Sc8CjWi3HTK6aTtLwSTRpf4P1wT1wim:NR1grOVNBsTVZb6ii3H2rm

Score: 1/10
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         | ioc                                                               | Process
  Key opened          | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                | CustomNotepad.exe
  Key value queried   | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | CustomNotepad.exe
  Key value queried   | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion  | CustomNotepad.exe

- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid  | Process
  2824 | CustomNotepad.exe (64 identical entries)

- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description                        | pid  | Process
  Token: 33                          | 2780 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  | 2780 | AUDIODG.EXE
  Token: 33                          | 2780 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  | 2780 | AUDIODG.EXE
  Token: SeDebugPrivilege            | 2824 | CustomNotepad.exe
Processes
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 2260

- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x484
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 2780

- C:\Users\Admin\AppData\Local\Temp\CustomNotepad.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\CustomNotepad.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
  PID: 2824