Analysis
max time kernel: 93s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/12/2024, 04:14
Behavioral task: behavioral1
Sample: fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe
Resource: win10v2004-20241007-en
General
Target: fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe
Size: 2.0MB
MD5: 492a9773bc7e588d9d6af185def38e86
SHA1: 9742cbf76e89c4c6b45c0a2b2150e9b1e84640c3
SHA256: fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6
SHA512: c0286d00ba3cfc4448707d36fac2274e970ceb59123d1286cea64acad82005415788c4f8ede33b84f510d032d3a5959ddbf75f9fd27d795f7f58a865409bdf24
SSDEEP: 24576:6whj2cfumIkEQC+8nefmhMEuvrk6fQCuGN9NyhXremx:FqcWmJvhEerkM8GK1
Malware Config
Extracted family: metasploit
Payload: metasploit_stager
C2: 192.168.168.129:8001
Signatures
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                          | pid | Process
Token: 33                            | 32  | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    | 32  | AUDIODG.EXE
Processes
C:\Users\Admin\AppData\Local\Temp\fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe"
  PID: 5004
C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x300 0x2f8
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 32