Resubmissions

10/03/2023, 02:34

230310-c2wzgabd66 3

10/03/2023, 02:34

230310-c2r1hsbd63 1

10/03/2023, 02:34

230310-c2mqssdb3x 1

10/03/2023, 02:34

230310-c2jddabd62 1

10/03/2023, 02:34

230310-c2d4nabd59 1

10/03/2023, 02:33

230310-c1yrnsdb3v 1

Analysis

  • max time kernel
    147s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    10/03/2023, 02:34

General

  • Target

    OGWhatsApp_Pro_v17.30.apk

  • Size

    478KB

  • MD5

    21123a2ee5878bcfd8954a1362c05d1c

  • SHA1

    2586f11f086c89939d968ba344c497999f9b97b8

  • SHA256

    2e04045616fa079286deec177e4cf748fdb29147ea98788443cfac4261e6c0c2

  • SHA512

    b02921d154a8d6d6bf17427877a782bbea019061de9255508906465aa7e0af02b21b3726e2646e4bdcb17a22565e78fdcd250b8339b9a8c6b73795a784b6e046

  • SSDEEP

    12288:PtoA1pSqr8yFoh38u6FFk+UvVovWqbV3+vsrr6Zxa7i:PtFrrIVh38FFkPvVgzbBesrr/7i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\OGWhatsApp_Pro_v17.30.apk
    1⤵
    • Modifies registry class
    PID:5044
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4720

Network

MITRE ATT&CK Enterprise v6
