Analysis
  max time kernel:   40s
  max time network:  46s
  platform:          windows7_x64
  resource:          win7-20240903-en
  resource tags:     arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted:         21/09/2024, 00:46
Static task
  static1

Behavioral task
  behavioral1
  Sample:   Salad.exe
  Resource: win7-20240903-en

Behavioral task
  behavioral2
  Sample:   Salad.exe
  Resource: win10v2004-20240802-en
General
  Target:  Salad.exe
  Size:    2.7MB
  MD5:     839ddeb57dce73e6f354499323933378
  SHA1:    bb4b28011018e51adb9a5310ec54fcf9a2cecf51
  SHA256:  c7070b6c4f86315a7f441104c11cfa075d199d10f58d4a6def42e0fba3834426
  SHA512:  aa75ec396f34e097226c5c03dce99f1c356117e49e2a1ee42c675352730b1d5f96224e798b63bd45da539dbc102d3a0f77f4491910b9ccdba138ca9f226ab47d
  SSDEEP:  49152:NOJvFeII+PiGd/Mx9kmMzWut9qYR9kqXfd+/9ATrgBWBKH8jkDVFCNXODzWS9HfO:NOJvF6wiG5/Wg9q+9kqXf0F9+KH4kpcR
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                        pid   process
  Token: 33                          2496  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  2496  AUDIODG.EXE
  Token: 33                          2496  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  2496  AUDIODG.EXE

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   process
  2104  Salad.exe
  2104  Salad.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process    procid_target
  PID 2104 wrote to memory of 3024   2104  Salad.exe  29
  PID 2104 wrote to memory of 3024   2104  Salad.exe  29
  PID 2104 wrote to memory of 3024   2104  Salad.exe  29
Processes

  C:\Users\Admin\AppData\Local\Temp\Salad.exe  (PID 2104)
    command line: "C:\Users\Admin\AppData\Local\Temp\Salad.exe"
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
      C:\Windows\system32\WerFault.exe  (PID 3024, child of 2104)
        command line: C:\Windows\system32\WerFault.exe -u -p 2104 -s 880

  C:\Windows\explorer.exe  (PID 2796)
    command line: "C:\Windows\explorer.exe"

  C:\Windows\system32\AUDIODG.EXE  (PID 2496)
    command line: C:\Windows\system32\AUDIODG.EXE 0x464
    - Suspicious use of AdjustPrivilegeToken

Reading the tree: the only WriteProcessMemory target is PID 3024, which is WerFault.exe started as a child of the sample with -p 2104, i.e. Windows Error Reporting invoked against Salad.exe's own PID. That write is the normal crash-report handoff to a freshly created child, not injection into an unrelated process, and the run as a whole is consistent with the sample faulting on this Windows 7 image rather than executing its payload. AUDIODG.EXE is Windows' audio device graph process and appears at top level, not under the sample; its AdjustPrivilegeToken hit is not attributable to Salad.exe on the evidence shown here. Neither signature should be read as malicious on its own; compare with the behavioral2 (Windows 10) task before drawing conclusions.
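The triage logic just described, as an added example that is not part of the tria.ge report: it takes the process list and the "wrote to memory of" signature lines transcribed from this page, resolves each target PID to its image and command line, and classifies the write. A write into a child WerFault.exe launched with -p equal to the writer's PID is the standard crash-report handoff; a write into any other process is flagged for a closer look. The process and event lists below are transcribed from the page; the classification labels and the helper names are this example's own.

```python
"""Classify WriteProcessMemory hits from a sandbox report by target process.

Added example, not tria.ge code. WerFault.exe's "-p <pid>" argument names
the faulting process (standard Windows Error Reporting usage), so a write
from <pid> into that WerFault instance is the crash-report handoff.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Process list transcribed from the report's Processes section.
PROCESSES = [
    Proc(2104, r"C:\Users\Admin\AppData\Local\Temp\Salad.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Salad.exe"'),
    Proc(3024, r"C:\Windows\system32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 2104 -s 880"),
    Proc(2796, r"C:\Windows\explorer.exe", r'"C:\Windows\explorer.exe"'),
    Proc(2496, r"C:\Windows\system32\AUDIODG.EXE",
         r"C:\Windows\system32\AUDIODG.EXE 0x464"),
]

# WriteProcessMemory signature lines transcribed from the report.
WPM_EVENTS = [
    "PID 2104 wrote to memory of 3024 2104 Salad.exe 29",
    "PID 2104 wrote to memory of 3024 2104 Salad.exe 29",
    "PID 2104 wrote to memory of 3024 2104 Salad.exe 29",
]

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_WERFAULT_PID_RE = re.compile(r"-p\s+(\d+)", re.IGNORECASE)


def parse_wpm(line: str) -> tuple[int, int]:
    """Return (writer_pid, target_pid) from a 'PID X wrote to memory of Y' line."""
    m = _WPM_RE.search(line)
    if not m:
        raise ValueError(f"not a WriteProcessMemory line: {line!r}")
    return int(m.group(1)), int(m.group(2))


def classify_write(src: int, dst: int, procs: list[Proc]) -> str:
    """Label a cross-process write by what the target turns out to be.

    Labels (this example's own):
      crash-handoff        target is WerFault.exe reporting on the writer
      werfault-other       target is WerFault.exe reporting on someone else
      cross-process-write  target is any other process: investigate
      unknown-target       target PID not in the process list
    """
    by_pid = {p.pid: p for p in procs}
    target = by_pid.get(dst)
    if target is None:
        return "unknown-target"
    if target.image.lower().endswith(r"\werfault.exe"):
        m = _WERFAULT_PID_RE.search(target.cmdline)
        if m and int(m.group(1)) == src:
            return "crash-handoff"
        return "werfault-other"
    return "cross-process-write"


def triage(events: list[str], procs: list[Proc]) -> dict[tuple[int, int], str]:
    """Deduplicate (writer, target) pairs and classify each one."""
    result: dict[tuple[int, int], str] = {}
    for line in events:
        src, dst = parse_wpm(line)
        result[(src, dst)] = classify_write(src, dst, procs)
    return result


if __name__ == "__main__":
    for (src, dst), label in triage(WPM_EVENTS, PROCESSES).items():
        print(f"{src} -> {dst}: {label}")
```

Run against this report the three identical hits collapse to a single (2104, 3024) pair labelled crash-handoff; a hypothetical write from 2104 into explorer.exe (2796) would come back as cross-process-write, which is the case that actually warrants memory-dump follow-up.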
Network
MITRE ATT&CK Matrix
Downloads

  Filesize: 5B
  MD5:      68934a3e9455fa72420237eb05902327
  SHA1:     7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
  SHA256:   fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
  SHA512:   719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d
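Before spending time on a downloaded artifact it is worth confirming that the local copy matches every digest the report lists, since a single-algorithm check can miss a truncated or re-encoded file. The following is an added example, not tria.ge code: verify_digests() hashes the bytes it is given with all four algorithms the report uses and returns the names of any that disagree. The candidate input is constructed on the assumption that this 5-byte download is the ASCII text "false"; the check itself is what confirms or refutes that assumption against the digests above.

```python
"""Check a local artifact against all digests a sandbox report lists.

Added example, not tria.ge code. The REPORT_DOWNLOAD values are copied
from the report's Downloads section; CANDIDATE is a constructed guess
for the 5-byte file and is only accepted if every digest matches.
"""
import hashlib

# Digests as listed in the report for the 5-byte download.
REPORT_DOWNLOAD = {
    "size": 5,
    "md5": "68934a3e9455fa72420237eb05902327",
    "sha1": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
    "sha256": "fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa",
    "sha512": (
        "719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f8"
        "1fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d"
    ),
}

# Constructed candidate content for the download (an assumption, not a
# fact from the report): a bare JSON/HTTP-style boolean literal.
CANDIDATE = b"false"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def verify_digests(data: bytes, expected: dict) -> list[str]:
    """Return the names of every expectation that data fails to meet.

    An empty list means size and all listed digests match. Comparison is
    case-insensitive on the hex string so copy-pasted uppercase digests
    do not produce false mismatches.
    """
    mismatches: list[str] = []
    if "size" in expected and len(data) != expected["size"]:
        mismatches.append("size")
    for algo in ALGORITHMS:
        if algo not in expected:
            continue
        actual = hashlib.new(algo, data).hexdigest()
        if actual != expected[algo].strip().lower():
            mismatches.append(algo)
    return mismatches


def verify_file(path: str, expected: dict) -> list[str]:
    """Same check for an artifact on disk, read in binary mode."""
    with open(path, "rb") as fh:
        return verify_digests(fh.read(), expected)


if __name__ == "__main__":
    bad = verify_digests(CANDIDATE, REPORT_DOWNLOAD)
    print("candidate matches report" if not bad else f"mismatch on: {bad}")
```

verify_file() is the form to use on an artifact exported from the sandbox; the in-memory variant exists so the check can be run, as here, on a hypothesised content without touching disk.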