Resubmissions
06/10/2024, 07:22  241006-h67vesvfkn  3

Analysis
max time kernel: 240s
max time network: 244s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 06/10/2024, 07:22

Static task
static1: 1 signature

Behavioral task
behavioral1: sample png-challenge-debug.exe, resource win7-20240903-en, 7 signatures, 150 seconds

Behavioral task
behavioral2: sample png-challenge-debug.exe, resource win10v2004-20240802-en, 0 signatures, 150 seconds

General
Target: png-challenge-debug.exe
Size: 466KB
MD5: c90367700d9d6d2a89dffcab6266992e
SHA1: dd49fc53e78ca06bc48abc0c439b37bde3eb36bb
SHA256: 3689c56f101d93cebf65f58b60c87546e135d42d6f211250bf057052f965a572
SHA512: 6401ac3c5ca66ef4f80e841614ba86985fa33154a7e1ce3f7c661dba1161f1a5627bb5fd63b1c18e207c4fc800f5f4622f5deb7581314da97525fb51908774b3
SSDEEP: 6144:ktBAvx47xc7wUxehA3xO+wIjsjieMEI6glW5cVFZBhdM/SrQDupJpRCzR0lSLgi:Yq+hoiIjseeM45Yhm/SrJp3RCilggi

Score
1/10

Malware Config
Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid   Process
2756  vlc.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs
pid   Process
2412  taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid   Process
2756  vlc.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs
description                        pid   Process
Token: 33                          2768  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  2768  AUDIODG.EXE
Token: 33                          2768  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  2768  AUDIODG.EXE
Token: SeDebugPrivilege            2412  taskmgr.exe

Suspicious use of FindShellTrayWindow 53 IoCs
pid   Process
2756  vlc.exe
2412  taskmgr.exe

Suspicious use of SendNotifyMessage 52 IoCs
pid   Process
2756  vlc.exe
2412  taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs
pid   Process
2756  vlc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\png-challenge-debug.exe
"C:\Users\Admin\AppData\Local\Temp\png-challenge-debug.exe"
PID: 2376

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
PID: 2292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
- Suspicious use of AdjustPrivilegeToken
PID: 2768

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddSubmit.3gpp"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID: 2756

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
PID: 1028

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID: 2412