Analysis

max time kernel: 147s
max time network: 155s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 26/01/2025, 04:48

Static task: static1
Behavioral tasks (one per file in the submitted PrudaTweak directory)

task          sample                                                   resource
behavioral1   PrudaTweak/!PrudaTweak.exe                               win11-20241007-en
behavioral2   PrudaTweak/Sentry.dll                                    win11-20241007-en
behavioral3   PrudaTweak/System.CodeDom.dll                            win11-20241007-en
behavioral4   PrudaTweak/System.Management.dll                         win11-20241007-en
behavioral5   PrudaTweak/application.exe                               win11-20241007-en
behavioral6   PrudaTweak/core.dll                                      win11-20241007-en
behavioral7   PrudaTweak/crashpad_handler.exe                          win11-20241007-en
behavioral8   PrudaTweak/libcrypto-3-x64.dll                           win11-20241007-en
behavioral9   PrudaTweak/libssl-3-x64.dll                              win11-20241023-en
behavioral10  PrudaTweak/runtimes/win/lib/net8.0/System.Management.dll win11-20241007-en

Note that behavioral9 ran on a different VM image (win11-20241023-en) from the other nine tasks; compare its results with that in mind. The detail below is for behavioral1, the main executable.
General

Target: PrudaTweak/!PrudaTweak.exe
Size: 135KB
MD5: b919c1037e70d3db56f5a5ddb67d9e86
SHA1: e96772ca1fe8e044c3a03b46a9535c67c063bec0
SHA256: 86c4260b065071bb0e89c3b6ea67a1065a63dd23cf03ad4e27cdcbeaf9748398
SHA512: 502a5252a1ae87f93e272689da3fd206538ffde5e01aa281b3ee3905c273af79cfe9aa3759e675197f7ff6c166f898307789263429cdf34b7402b07a99511b04
SSDEEP: 3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxjhBur:2hK4XycqgpfCup5sVxuZ04rhA
Malware Config

None listed in this report.

Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  5032  !PrudaTweak.exe
  5032  !PrudaTweak.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   process
  Token: SeDebugPrivilege   5032  !PrudaTweak.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                          pid   process          procid_target
  PID 5032 wrote to memory of 2932     5032  !PrudaTweak.exe  77
  PID 5032 wrote to memory of 2932     5032  !PrudaTweak.exe  77

How to read these three signatures together: all three fire on the same process, and both WriteProcessMemory events target PID 2932, which is the crashpad_handler.exe child that 5032 itself launched (see Processes). A parent writing into a child it has just created, with pipe handles and client addresses handed over on the command line, is what launching a Crashpad handler looks like; a write into a process the sample did not start would be the injection-shaped event, and there is none in this report. SeDebugPrivilege is routinely enabled by process-enumeration code so it can open handles to processes of other users (the bundled System.Management.dll suggests WMI-based queries), but it is also the prerequisite for opening those processes for injection, so it is worth checking which of the two the EnumeratesProcesses hits correspond to. The report gives no network or file-write signatures beyond these.
Processes

1. C:\Users\Admin\AppData\Local\Temp\PrudaTweak\!PrudaTweak.exe  (PID 5032)
   command line: "C:\Users\Admin\AppData\Local\Temp\PrudaTweak\!PrudaTweak.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\PrudaTweak\crashpad_handler.exe  (PID 2932, child of 5032)
      command line, one argument per line:
        C:\Users\Admin\AppData\Local\Temp\PrudaTweak\crashpad_handler.exe
        --no-rate-limit
        --database=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache
        --metrics-dir=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache
        --url=https://sentry.pruda.de:443/api/2/minidump/?sentry_client=sentry.native/0.7.16&sentry_key=ae11f7dd565c2b26983cff3e1a33de87
        --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-event
        --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb1
        --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb2
        --initial-client-data=0x5c4,0x5cc,0x5d0,0x5c0,0x5d4,0x7ffba4bd3b70,0x7ffba4bd3b88,0x7ffba4bd3ba0

What the child command line tells an analyst: the sample embeds the Sentry Native SDK (sentry_client=sentry.native/0.7.16, matching the bundled Sentry.dll) and starts its Crashpad handler at launch. The only network destination visible in this report is the minidump upload endpoint https://sentry.pruda.de:443/api/2/minidump/; that host is the network IOC to pivot on. The sentry_key value is the public key of a Sentry DSN and is meant to be shipped in clients, so it is an identifier for the project, not a leaked secret. Crash events and breadcrumbs are staged under ...\PrudaTweak\cache\<uuid>.run\ and attached to the upload. The --initial-client-data list is the handshake between client and handler: the five small values are handles the handler inherits (its pipe and the client process among them), and the three 0x7ffb... values are addresses inside the parent from which the handler reads crash information, which is why the two processes are tightly coupled from the first instruction.
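The two checks an analyst does by hand on a report like this, turning the handler command line into a network IOC and deciding whether the WriteProcessMemory targets are the sample's own children, are small enough to script. The Python below is an added example written for this page; it is not code from the report, from Triage or from PrudaTweak. The command line, process list and memory-write events are transcribed from the report above; the split of --initial-client-data into handles and addresses by magnitude is a heuristic of this example, not something the report states.

```python
"""Added example, not part of the Triage report or of PrudaTweak: parse the
crashpad_handler.exe command line from the process tree and check the
WriteProcessMemory targets against the report's parent/child relationships."""
from urllib.parse import parse_qs, urlsplit

# Command line transcribed from the report (PID 2932). No argument is quoted,
# so whitespace splitting reproduces argv exactly.
CRASHPAD_CMDLINE = (
    r"C:\Users\Admin\AppData\Local\Temp\PrudaTweak\crashpad_handler.exe"
    r" --no-rate-limit"
    r" --database=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache"
    r" --metrics-dir=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache"
    " --url=https://sentry.pruda.de:443/api/2/minidump/"
    "?sentry_client=sentry.native/0.7.16&sentry_key=ae11f7dd565c2b26983cff3e1a33de87"
    r" --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache"
    r"\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-event"
    r" --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache"
    r"\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb1"
    r" --attachment=C:\Users\Admin\AppData\Local\Temp\PrudaTweak\cache"
    r"\8c6db67c-503e-436d-d510-aa89c1242d31.run\__sentry-breadcrumb2"
    " --initial-client-data=0x5c4,0x5cc,0x5d0,0x5c0,0x5d4,"
    "0x7ffba4bd3b70,0x7ffba4bd3b88,0x7ffba4bd3ba0"
)

# Process tree and WriteProcessMemory events as the report lists them.
PROCESSES = {
    5032: {"image": "!PrudaTweak.exe", "parent": None},
    2932: {"image": "crashpad_handler.exe", "parent": 5032},
}
WPM_EVENTS = [(5032, 2932), (5032, 2932)]  # (writer pid, target pid)


def parse_handler_args(cmdline):
    """Split a crashpad_handler command line into (exe, {flag: [values]}).
    Flags without '=' are recorded as True; repeated flags (--attachment)
    accumulate in order."""
    tokens = cmdline.split()
    exe, flags = tokens[0], {}
    for tok in tokens[1:]:
        if not tok.startswith("--"):
            raise ValueError(f"unexpected positional argument: {tok}")
        name, sep, value = tok[2:].partition("=")
        flags.setdefault(name, []).append(value if sep else True)
    return exe, flags


def sentry_endpoint(flags):
    """Extract the upload destination and the DSN public key from --url."""
    url = urlsplit(flags["url"][0])
    query = parse_qs(url.query)
    return {
        "host": url.hostname,
        "port": url.port,
        "path": url.path,
        "sentry_key": query.get("sentry_key", [None])[0],
        "sentry_client": query.get("sentry_client", [None])[0],
    }


def initial_client_data(flags):
    """Heuristic (this example's, not the report's): values below 0x10000 are
    inherited handle values, larger ones are addresses in the client process."""
    values = [int(v, 16) for v in flags["initial-client-data"][0].split(",")]
    handles = [v for v in values if v < 0x10000]
    addresses = [v for v in values if v >= 0x10000]
    return handles, addresses


def foreign_memory_writes(processes, events):
    """Return (writer, target) pairs where the target is not a child of the
    writer. A parent writing into a process it just spawned is what launching
    a child with shared handles looks like; a write into any other process is
    the injection-shaped event worth pulling apart."""
    return [(w, t) for w, t in events
            if processes.get(t, {}).get("parent") != w]


def triage_summary(cmdline=CRASHPAD_CMDLINE, processes=PROCESSES,
                   events=WPM_EVENTS):
    """One dict an analyst can drop into notes: IOC, staging, write check."""
    exe, flags = parse_handler_args(cmdline)
    handles, addresses = initial_client_data(flags)
    return {
        "handler": exe,
        "endpoint": sentry_endpoint(flags),
        "attachments": flags.get("attachment", []),
        "client_handles": len(handles),
        "client_addresses": len(addresses),
        "foreign_writes": foreign_memory_writes(processes, events),
    }


if __name__ == "__main__":
    for key, value in triage_summary().items():
        print(f"{key}: {value}")
```

For this report the summary shows sentry.pruda.de:443 as the only upload destination, three staged attachments, five handles and three addresses in the handshake, and an empty foreign_writes list, which is the concrete reason the WriteProcessMemory signature does not by itself indicate injection here.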