Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
79s -
max time network
77s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
19/02/2023, 00:00
General
-
Target
[NEW] Hogwarts Legacy by Empress.rar
-
Size
29.7MB
-
MD5
cfd8232e140eab8777b8f991ae366340
-
SHA1
32d5220d626962ca2c9c7990ac0799307883e169
-
SHA256
f9cedf4358e6229bcc82dad28fd7fe3893f69ac237a30cc343d7aff182bfd025
-
SHA512
c5fe83ea69eed717dbeb7e234f39e42b18f5ce77e6725aee1740dcc92c1d6460f5209f2511c8ce9d9faff66dff25370427a73bb5e0c7624c45929dba1d3c3d63
-
SSDEEP
786432:wt2vfABLUXxAAP+wKYFAb314QQ4VUqTjCG0HaGkgOLBazdA:wGdxYJ32QQ4VleG3gOYz2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\[NEW] Hogwarts Legacy by Empress.rar"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\[NEW] Hogwarts Legacy by Empress\" -spe -an -ai#7zMap25857:144:7zEvent223781⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\[NEW] Hogwarts Legacy by Empress\[NEW] Hogwarts Legacy by Empress\Hogwarts Legacy by Empress.exe"C:\Users\Admin\AppData\Local\Temp\[NEW] Hogwarts Legacy by Empress\[NEW] Hogwarts Legacy by Empress\Hogwarts Legacy by Empress.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
326.4MB
MD57a1c6ba99ba81106917acf37c8711bac
SHA14b08c2a3d26242d209d45f086f001f4b66a6c31a
SHA256e535bc5f201f84ccd46ecc2374ae4213b46456d8c027d44f58700579018c5264
SHA512b9a234411630edc3029d62954a874714d911704d92db94a27323dec77c4334187ab1608ebf527b90a8d461254364d82c616dfdd31cf0739ff6f026e04def8686
-
Filesize
325.0MB
MD54fb540332dd61d8c89fb5287035fa219
SHA16361238de501376a918f10abb72aade9c25ecca7
SHA256a26da25e4ed5c8e90cf6717653ee5051171d121b7d9446d7b4b7a970afe39c2d
SHA5124e0eb5cc835f13359036fa65d2b1a33262534732ecb6abe77489b56eb31f1e7fa82f885225a3ac40e5a93a147c09f3d12a8abd0e1a11188349a839269122f9d2