Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
13/03/2023, 19:13
230313-xw2yrabf92 3Analysis
-
max time kernel
32s -
max time network
39s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
13/03/2023, 19:13
General
-
Target
EA DLC Unlocker v2.7z
-
Size
175KB
-
MD5
2c628cca730d954ab017d56992c5afdf
-
SHA1
4686d228df5031e36cd3db6b76571f19f0e6781a
-
SHA256
d1f79e21431b19c736e73266c8587148c1e39a4ecb54217e37f0cd71bc0a480a
-
SHA512
6928095f2cadbb116c0aad92f92579a567c73fdc2f2e3610b5a1e59a3be9e5bd1fe473db1889c3b33b6806ef748b730f675025087a2623190156012d211581ec
-
SSDEEP
3072:N0vQo3WMWZSyIao6YjIRvlSryN1HRGQmTyLVWPv/Gcs+K+8Iq94zIYtSBT0vglN6:N0vQuPWQyIaoh8lSryUQAyQls+kYtDga
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\EA DLC Unlocker v2.7z"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\EA DLC Unlocker v2.7z2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x43c1⤵
- Suspicious use of AdjustPrivilegeToken