Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

PrudaTweak...ak.exe

windows11-21h2-x64

1

PrudaTweak/Sentry.dll

windows11-21h2-x64

1

PrudaTweak...om.dll

windows11-21h2-x64

1

PrudaTweak...nt.dll

windows11-21h2-x64

1

PrudaTweak...on.exe

windows11-21h2-x64

1

PrudaTweak/core.dll

windows11-21h2-x64

1

PrudaTweak...er.exe

windows11-21h2-x64

1

PrudaTweak...64.dll

windows11-21h2-x64

1

PrudaTweak...64.dll

windows11-21h2-x64

1

PrudaTweak...nt.dll

windows11-21h2-x64

1

Resubmissions

26/01/2025, 04:48

250126-fff8nssmbz 3

26/01/2025, 04:44

250126-fdcgpsslez 10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/01/2025, 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PrudaTweak/!PrudaTweak.exe

  • Size

    135KB

  • MD5

    b919c1037e70d3db56f5a5ddb67d9e86

  • SHA1

    e96772ca1fe8e044c3a03b46a9535c67c063bec0

  • SHA256

    86c4260b065071bb0e89c3b6ea67a1065a63dd23cf03ad4e27cdcbeaf9748398

  • SHA512

    502a5252a1ae87f93e272689da3fd206538ffde5e01aa281b3ee3905c273af79cfe9aa3759e675197f7ff6c166f898307789263429cdf34b7402b07a99511b04

  • SSDEEP

    3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxjhBur:2hK4XycqgpfCup5sVxuZ04rhA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PrudaTweak\!PrudaTweak.exe
    "C:\Users\Admin\AppData\Local\Temp\PrudaTweak\!PrudaTweak.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Users\Admin\AppData\Local\Temp\PrudaTweak\crashpad_handler.exe
      C:\Users\Admin\AppData\Local\Temp\PrudaTweak\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache --metrics-dir=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache --url=https://sentry.pruda.de:443/api/2/minidump/?sentry_client=sentry.native/0.7.16&sentry_key=ae11f7dd565c2b26983cff3e1a33de87 --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb2 --initial-client-data=0x5c4,0x5cc,0x5d0,0x5c0,0x5d4,0x7ffba4bd3b70,0x7ffba4bd3b88,0x7ffba4bd3ba0
      2⤵
        PID:2932

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5032-2-0x00007FFBA4BE1000-0x00007FFBA516F000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5032-0-0x00007FFBC9CF0000-0x00007FFBC9CF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/5032-1-0x00007FFBA4AF0000-0x00007FFBA5942000-memory.dmp

      Filesize

      14.3MB

      Download

    • memory/5032-10-0x00007FFBA4BE1000-0x00007FFBA516F000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5032-11-0x00007FFBA4AF0000-0x00007FFBA5942000-memory.dmp

      Filesize

      14.3MB

      Download