Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    14/07/2020, 11:09 UTC

General

  • Target

    IMG-654-611-44.JPEG.zip.scr

  • Size

    816KB

  • MD5

    83548d974ace23e31217eba1d0888fcb

  • SHA1

    8b44b85cd1f009bca7da3f98cbac92fd5e601131

  • SHA256

    b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60

  • SHA512

    6ad31152e5b0956254c0f4dfdacd54d5dcceda5628b820b61ffe1c6824c538b38b7899fe95d7c07426c180798cfbd1ceb7e996efda2d1e55bbdfb9de7bf0bf95

Score
9/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.
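The four registry signatures above are the kind of check that is easy to reproduce over an API trace. The script below is an added example, not tria.ge's own code: it classifies registry-access log lines against the keys such anti-VM checks conventionally read (the SMBIOS version strings, the VirtualBox Guest Additions and VMware Tools install keys, and the disk enumeration key whose entries carry vendor strings such as "VBOX" or "VMware"). The log line format and the exact key paths are assumptions; the sample lines are constructed, with counts chosen to match the IoC counts in this report.

```python
"""Classify registry accesses against the anti-VM checks named in the report.

Added example, not tria.ge code. The registry paths and the log format are
assumptions; the sample log lines are constructed for the example.
"""
import re
from collections import defaultdict

# Signature name -> regex over the registry path (matched case-insensitively).
ANTI_VM_KEYS = {
    "Checks BIOS information in registry":
        r"HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    "Looks for VirtualBox Guest Additions in registry":
        r"SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    "Looks for VMWare Tools registry key":
        r"SOFTWARE\\VMware, Inc\.\\VMware Tools",
    "Maps connected drives based on registry":
        r"SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\Disk\\Enum",
}

# Assumed trace format: "pid=<n> api=<RegXxx> path=<full key or value path>".
LINE_RE = re.compile(r"pid=(?P<pid>\d+)\s+api=(?P<api>\w+)\s+path=(?P<path>\S.*)$")


def classify_registry_access(lines):
    """Return {pid: {signature: [paths]}} for every line that hits a known check."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry event, or an unparseable line
        pid, path = int(m["pid"]), m["path"]
        for sig, pattern in ANTI_VM_KEYS.items():
            if re.search(pattern, path, re.IGNORECASE):
                hits[pid][sig].append(path)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def summarize(hits):
    """Flatten to sorted (pid, signature, ioc_count) tuples for a quick triage view."""
    return sorted((pid, sig, len(paths))
                  for pid, sigs in hits.items() for sig, paths in sigs.items())


# Constructed sample trace (not from the report). The first line reads the
# parent key only, which is normal OS behaviour and must not count as a hit.
SAMPLE_LOG = [
    r"pid=1492 api=RegOpenKeyExA path=HKLM\HARDWARE\DESCRIPTION\System",
    r"pid=1492 api=RegQueryValueExA path=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"pid=1492 api=RegQueryValueExA path=HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"pid=1492 api=RegOpenKeyExA path=HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"pid=1492 api=RegOpenKeyExA path=HKLM\SOFTWARE\VMware, Inc.\VMware Tools",
    r"pid=1492 api=RegOpenKeyExA path=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum",
    r"pid=1492 api=RegQueryValueExA path=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0",
    r"pid=1028 api=RegOpenKeyExA path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    for pid, sig, n in summarize(classify_registry_access(SAMPLE_LOG)):
        print(f"PID {pid}: {sig} ({n} IoCs)")
```

Run stand-alone it prints one line per (PID, signature) pair; only PID 1492 fires, with two BIOS and two disk-enumeration IoCs and one each for the VirtualBox and VMware keys, matching the counts in the Signatures list. Opening the parent `HARDWARE\DESCRIPTION\System` key alone is deliberately not scored, since the OS and many benign programs do that.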

Processes

  • C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr
    Command line: "C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr" /S
    PID: 1492 (level 1)
    • Checks BIOS information in registry
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    • Maps connected drives based on registry
    • C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr
      Command line: "{path}"
      PID: 1028 (level 2, child of PID 1492)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses

  The /S switch is what Windows passes when it launches a .scr file as a screensaver. The child is a second instance of the same executable; the parent's WriteProcessMemory and SetThreadContext hits, together with the memory dumps taken from PID 1028 (listed under Downloads), are what to examine before concluding that the second instance was hollowed.

Network

  No results found

  Traffic (destination, service, bytes, count):

  • 10.7.0.255:137 (netbios-ns), 78 B, 1
  • 10.7.0.255:138 (netbios-dgm), 458 B, 2
  • 239.255.255.250:1900, 966 B, 6

  All three destinations are local broadcast (NetBIOS name service and datagram service) or multicast (SSDP on port 1900) traffic that Windows generates on its own; none of it is attributable to the sample, and no connection to an external host is listed.

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1028-0-0x0000000000400000-0x0000000000452000-memory.dmp (328KB)
  • memory/1028-2-0x0000000000400000-0x0000000000452000-memory.dmp (328KB)
  • memory/1028-3-0x0000000000400000-0x0000000000452000-memory.dmp (328KB)

  All three are dumps of the same 0x400000-0x452000 region (0x52000 bytes, i.e. 328KB) of the child process PID 1028; 0x400000 is the default ImageBase of a 32-bit PE, so this region is the first thing to carve and inspect.
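The process tree and the memory dumps above are two halves of one triage question: was the second instance of the binary hollowed, and what region holds the injected image? The script below is an added example, not tria.ge's code. It parses dump filenames in the form shown above, computes the region size, and correlates the dumps with a process-tree record built from this report (same image path for parent and child, WriteProcessMemory and SetThreadContext flagged on the parent). The event record format is an assumption; the report itself does not name the technique, so the output is an indicator for the analyst, not a verdict.

```python
"""Correlate a sandbox process tree with memory dump names to flag a likely
hollowed child process.

Added example, not tria.ge code. PROCESSES and DUMPS are constructed from the
values shown in this report; the record format is an assumption.
"""
import re

# Assumed dump-name layout: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

DEFAULT_IMAGE_BASE = 0x400000  # default ImageBase for 32-bit PE files


def parse_dump_name(name):
    """Split a dump filename into pid, index, start, end and size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


# Constructed from the report's process tree.
PROCESSES = [
    {"pid": 1492, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr",
     "apis": {"WriteProcessMemory", "SetThreadContext"}},
    {"pid": 1028, "ppid": 1492,
     "image": r"C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr",
     "apis": {"AdjustPrivilegeToken", "EnumeratesProcesses"}},
]

# The three dump names listed under Downloads.
DUMPS = [
    "memory/1028-0-0x0000000000400000-0x0000000000452000-memory.dmp",
    "memory/1028-2-0x0000000000400000-0x0000000000452000-memory.dmp",
    "memory/1028-3-0x0000000000400000-0x0000000000452000-memory.dmp",
]


def hollowing_candidates(processes, dumps):
    """Return children that look hollowed: spawned from the same image by a
    parent that both wrote into another process and reset a thread context,
    with at least one dump starting at the default image base."""
    by_pid = {p["pid"]: p for p in processes}
    dumps_by_pid = {}
    for d in map(parse_dump_name, dumps):
        dumps_by_pid.setdefault(d["pid"], []).append(d)

    out = []
    for p in processes:
        parent = by_pid.get(p["ppid"])
        if parent is None:
            continue  # root process, nothing to compare against
        same_image = parent["image"].lower() == p["image"].lower()
        injected = {"WriteProcessMemory", "SetThreadContext"} <= parent["apis"]
        base_dumps = [d for d in dumps_by_pid.get(p["pid"], [])
                      if d["start"] == DEFAULT_IMAGE_BASE]
        if same_image and injected and base_dumps:
            out.append({"pid": p["pid"], "parent": parent["pid"],
                        "region_kb": base_dumps[0]["size"] // 1024,
                        "dumps": len(base_dumps)})
    return out


if __name__ == "__main__":
    for c in hollowing_candidates(PROCESSES, DUMPS):
        print(f"PID {c['pid']} (child of {c['parent']}): "
              f"{c['dumps']} dump(s) of a {c['region_kb']}KB region at 0x400000")
```

With the report's values the only candidate is PID 1028, child of 1492, with three dumps of a 328KB region at 0x400000. The same-image check matters: a parent that injects into a freshly spawned copy of itself is the classic RunPE pattern, whereas WriteProcessMemory into an unrelated process points elsewhere (for example a loader writing into a system binary) and deserves a different follow-up.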
