Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
135s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
21/09/2024, 17:24
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Mikz.exe
Resource
win10-20240404-en
windows10-1703-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
Mikz.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
Mikz.exe
-
Size
1.9MB
-
MD5
0d8924260dfd8dd53eb0676769c15079
-
SHA1
938b87329008f696b2c50ec3175c745f3457b58b
-
SHA256
5d99648d8b283d804e96181207de7a560621766a61d592ec9add5a27df1064da
-
SHA512
26b3e78b12598a5ba35b55e1ca52778694480954e3e58f3024a579e965ffd9f843773baeac449345951ed33ca1494eb0b31bd9f1c5a87903b991d93813088454
-
SSDEEP
24576:dEDRCajcIfltzcIiT+UqGNNXvTrrzmFfitswp9oReLUanALD:dBa4gtzcImfqsNfbkZwp9ocnALD
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\rescache\_merged\1601268389\715946058.pri taskmgr.exe File created C:\Windows\rescache\_merged\4183903823\2290032291.pri taskmgr.exe -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 672 taskmgr.exe Token: SeSystemProfilePrivilege 672 taskmgr.exe Token: SeCreateGlobalPrivilege 672 taskmgr.exe Token: 33 672 taskmgr.exe Token: SeIncBasePriorityPrivilege 672 taskmgr.exe -
Suspicious use of FindShellTrayWindow 41 IoCs
pid Process 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe -
Suspicious use of SendNotifyMessage 41 IoCs
pid Process 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe 672 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mikz.exe"C:\Users\Admin\AppData\Local\Temp\Mikz.exe"1⤵PID:2520
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:672