Analysis
- max time kernel: 93s
- max time network: 98s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/10/2024, 03:58
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  Sample: sss/Driver.sys
  Resource: win10v2004-20241007-en
  0 signatures, 150 seconds
- behavioral2
  Sample: sss/kitty.cc checkers.bat
  Resource: win10v2004-20241007-en
  2 signatures, 150 seconds
- behavioral3
  Sample: sss/kitty.cc temp free.exe
  Resource: win10v2004-20241007-en
  2 signatures, 150 seconds
General
- Target: sss/kitty.cc checkers.bat
- Size: 833B
- MD5: 76f2916842fa2b9cf80a206374b62d88
- SHA1: c04a8f8db6388dad5e3c7e3edbbe9467e46cdd48
- SHA256: 59a907b93585ff90f7c69e4eddde938b8005807fe16a5a45b56820e28e07edcd
- SHA512: 5e0ffbc4e939568237d27c53e60eed88de8474b0d6ae9e767e66e8858cd3de7467f2b48b29a02a2a1b2e8922ed4bb4eb300632796ea39e531037f194ffac7eba
- Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Columns: description | pid | Process
  PID 3652, WMIC.exe (42 entries; each of the following 21 tokens is reported twice):
    Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36
  PID 3656, WMIC.exe (22 entries): the same 21 tokens once each, in the same order, followed by Token: SeIncreaseQuotaPrivilege a second time
- Suspicious use of WriteProcessMemory (18 IoCs)
  Columns: description | pid | Process | procid_target (each row is reported twice)
  PID 2236 wrote to memory of 1824 | 2236 | cmd.exe | 85
  PID 2236 wrote to memory of 3652 | 2236 | cmd.exe | 86
  PID 2236 wrote to memory of 3656 | 2236 | cmd.exe | 88
  PID 2236 wrote to memory of 3432 | 2236 | cmd.exe | 89
  PID 2236 wrote to memory of 544 | 2236 | cmd.exe | 90
  PID 2236 wrote to memory of 1536 | 2236 | cmd.exe | 92
  PID 2236 wrote to memory of 3616 | 2236 | cmd.exe | 94
  PID 2236 wrote to memory of 5112 | 2236 | cmd.exe | 95
  PID 2236 wrote to memory of 4820 | 2236 | cmd.exe | 96
Processes
- C:\Windows\system32\cmd.exe (PID 2236)
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sss\kitty.cc checkers.bat"
  Signatures: Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Windows\system32\mode.com (PID 1824)
    Command line: mode con: cols=180 lines=62
  - C:\Windows\System32\Wbem\WMIC.exe (PID 3652)
    Command line: wmic diskdrive get serialnumber
    Signatures: Suspicious use of AdjustPrivilegeToken
  - C:\Windows\System32\Wbem\WMIC.exe (PID 3656)
    Command line: wmic baseboard get serialnumber
    Signatures: Suspicious use of AdjustPrivilegeToken
  - C:\Windows\System32\Wbem\WMIC.exe (PID 3432)
    Command line: wmic path win32_computersystemproduct get uuid
  - C:\Windows\System32\Wbem\WMIC.exe (PID 544)
    Command line: wmic PATH Win32_VideoController GET Description,PNPDeviceID
  - C:\Windows\System32\Wbem\WMIC.exe (PID 1536)
    Command line: wmic memorychip get serialnumber
  - C:\Windows\System32\Wbem\WMIC.exe (PID 3616)
    Command line: wmic csproduct get uuid
  - C:\Windows\System32\Wbem\WMIC.exe (PID 5112)
    Command line: wmic cpu get processorid
  - C:\Windows\System32\Wbem\WMIC.exe (PID 4820)
    Command line: wmic path Win32_NetworkAdapter where "PNPDeviceID like '%PCI%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress