Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 53s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 30/09/2024, 08:10
Behavioral task: behavioral1
- Sample: Unconfirmed 627909.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: Unconfirmed 627909.exe
- Resource: win10v2004-20240802-en
General
- Target: Unconfirmed 627909.exe
- Size: 75.4MB
- MD5: d80507f67a518eca7d96c5ef4bb72461
- SHA1: 668790131a3c0d877bd91adee4b048ab40478219
- SHA256: 07037656adb04ece9b447b5842d7f7139a1428cd7f3b06cd4aabb3a0a8fb9d83
- SHA512: 0459ec3c4f5e81deca7ae7694ef116caf03d5b6fdfe492a3476089c09694827e58241e0c9ec9fa58973d4fce9c4ee1b5b6ab7a34f76034deca75bdc7cf6bac89
- SSDEEP: 1572864:JvhQ6li9WF7vDSk8IpG7V+VPhq6+fE7WTmlP8iY4MHHLeqPNLtDzoZ2d3:Jvh109gPSkB05aw6+9Tm5XMHVLtIO3
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid   process
  332   Unconfirmed 627909.exe
- UPX packed file (yara rule "upx", 2 matches)
  resource                                                                       yara_rule
  behavioral1/files/0x0003000000020aee-1260.dat                                  upx
  behavioral1/memory/332-1262-0x000007FEF6420000-0x000007FEF6886000-memory.dmp   upx
  The rule matches both the file dropped to disk and the memory dump taken from the child process (PID 332), i.e. the packed image is also present mapped in that process.
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                         pid    process
  Token: 33                           2692   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   2692   AUDIODG.EXE
  Token: 33                           2692   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   2692   AUDIODG.EXE
  AUDIODG.EXE (Windows Audio Device Graph Isolation) is a system process that sits at the top level of the process tree, not under the sample, so this signature is sandbox background noise rather than sample behaviour. "Token: 33" is a privilege LUID the report left unresolved; LUID 33 is SeIncreaseWorkingSetPrivilege.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid    process                  procid_target
  PID 1520 wrote to memory of 332   1520   Unconfirmed 627909.exe   30
  PID 1520 wrote to memory of 332   1520   Unconfirmed 627909.exe   30
  PID 1520 wrote to memory of 332   1520   Unconfirmed 627909.exe   30
  The first instance of the sample (PID 1520) writes into the address space of its own child instance (PID 332), the process that then loads the dropped DLL.
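The UPX yara hit above fired on both the dropped .dat file and the memory dump of PID 332. As an added example (not tria.ge's rule or any code from this report), the following Python script checks a PE for the two cheap UPX tells such rules usually key on: section names UPX0/UPX1 and the "UPX!" magic the packer stores in its header. The PE blobs it scans are constructed header skeletons built inside the script, not the analysed sample or its dropped DLL.

```python
"""Check a PE for UPX indicators: UPX0/UPX1 section names and the 'UPX!' marker.

Added example, not tria.ge's yara rule or code. The PE blobs at the bottom are
constructed header skeletons, not the analysed sample or its dropped DLL.
"""
import struct

SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)
COFF_HEADER_SIZE = 20     # sizeof(IMAGE_FILE_HEADER)


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] when the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size                   # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break  # truncated section table: report what parsed so far
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the cheap UPX tells a triage script (or a simple yara rule) would use."""
    names = pe_section_names(data)
    return {
        "sections": names,
        # Stock UPX names its sections UPX0 (space for the unpacked image) and UPX1 (packed data).
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        # The packer writes a 'UPX!' magic into its l_info header inside the packed image.
        "upx_magic": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """True if either indicator is present. Section names can be renamed by hand and the
    magic can occur in unrelated data, so treat the result as a triage hint, not proof."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_stub_pe(section_names: list) -> bytes:
    """Constructed sample: a minimal, non-executable PE32+ header skeleton whose only
    purpose is to give the parser above realistic input with the given section names."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240  # sizeof(IMAGE_OPTIONAL_HEADER64)
    # Machine=AMD64, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed inputs: a UPX-style layout with the marker appended after the headers
# (a real packed file carries it inside UPX1), and a plain compiler-style layout.
UPX_STUB = build_stub_pe(["UPX0", "UPX1", ".rsrc"]) + b"UPX!"
PLAIN_STUB = build_stub_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("upx_stub", UPX_STUB), ("plain_stub", PLAIN_STUB)):
        verdict = "UPX indicators present" if is_upx_packed(blob) else "no UPX indicators"
        print(f"{label}: {verdict} {upx_indicators(blob)}")
```

To use it on real material, read the dropped file (or the memory dump) into `data` and call `upx_indicators`. A match on the on-disk file plus a match on the child's memory dump, as in this report, tells you the packed image was mapped rather than unpacked to a separate region; a file whose sections were renamed but still carries the "UPX!" magic is reported by the second indicator only, which is why both are kept.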
Processes
- C:\Users\Admin\AppData\Local\Temp\Unconfirmed 627909.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 627909.exe"
  PID: 1520
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\Unconfirmed 627909.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 627909.exe"
    PID: 332
    - Loads dropped DLL
- C:\Windows\explorer.exe
  command line: "C:\Windows\explorer.exe"
  PID: 2144
- C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x4dc
  PID: 2692
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.4MB
  MD5: 3f782cf7874b03c1d20ed90d370f4329
  SHA1: 08a2b4a21092321de1dcad1bb2afb660b0fa7749
  SHA256: 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
  SHA512: 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857