Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
370s -
max time network
867s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
29/12/2022, 23:21
General
-
Target
apgb2qp-kmn-win.rar
-
Size
14.1MB
-
MD5
22c6e21817a101f0cda381eba29ee536
-
SHA1
37ffaa488ac5ce6fe6f6b4460fcf177a027d98fa
-
SHA256
ba062ded9471928fb75bfb07b8fe8eee19f6e3c4bf0bc6634cc3f1778312eea1
-
SHA512
a4919d104eff2b6313503f88832596ca1682ca40a941d23b5e6c6b98cd7d93fc4bbc82655b25ccab1401d53bc35cd846afb195cbc93ff77c86be7568c8ae9d39
-
SSDEEP
393216:J12h7JXS4bIJ5KaVVcErC5CPR7scF/i3bHsHIlr3k76VieCdrZR:J127JgekbP1ji3bHTr0eCdrz
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\apgb2qp-kmn-win.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\apgb2qp-kmn-win.rar2⤵
-