Analysis

  • max time kernel
    510s
  • max time network
    514s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/03/2023, 01:05

General

  • Target

    RE AN Andrewartha ATO RF 7112206980764 SECOFFICIALSensitive ACCES... (12.5 KB).msg

  • Size

    32KB

  • MD5

    73db942a579977b592215e3f8893bce6

  • SHA1

    9b61e29c42ef126e7aea39a6626279e65b0563d9

  • SHA256

    b05f189321328571bcb1ed6f40d74d3d9f44884d22e4ee574f2a86362e6d2534

  • SHA512

    7f44e874129bcef12ccbbef4833fc47b5f92759f0f6826746a549a6c4ddbe67da89e4dcd328b4f6678d07cb50a3363c2ee556eeb92422c570113a674f86847d7

  • SSDEEP

    384:PRTZf0SHmg9mKAfSUGWPX20fo2STUW/h8+8fer9QaH1/QTfXqsy7Gh:ZTZojqU/20EUufJlo7qsy7G
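Before re-running or sharing a sample, confirm the file you hold is the one this report describes. The following is an added Python check, not tria.ge's own code: it streams a file through the four digest algorithms listed above in a single read pass and reports which values differ from the report. The SSDEEP value is not computed because fuzzy hashing needs the third-party ssdeep module; the report digests are copied from the page, and the `digest_bytes` helper exists so the same logic can be exercised on in-memory data.

```python
import hashlib
import sys

# Digests published in the tria.ge report for this .msg sample (copied from the page).
REPORT_DIGESTS = {
    "md5": "73db942a579977b592215e3f8893bce6",
    "sha1": "9b61e29c42ef126e7aea39a6626279e65b0563d9",
    "sha256": "b05f189321328571bcb1ed6f40d74d3d9f44884d22e4ee574f2a86362e6d2534",
    "sha512": (
        "7f44e874129bcef12ccbbef4833fc47b5f92759f0f6826746a549a6c4ddbe67d"
        "a89e4dcd328b4f6678d07cb50a3363c2ee556eeb92422c570113a674f86847d7"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute the four report digests over in-memory bytes (handy for tests)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests with one pass over the file.

    Feeding every chunk to every hash object avoids reading a large sample
    four times and keeps memory use bounded by chunk_size.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, report: dict = REPORT_DIGESTS) -> list:
    """Return the names of digests that differ from the report.

    An empty list means every listed digest matches, i.e. the local file is
    byte-for-byte the sample tria.ge analysed. Comparison is case-insensitive
    because tools print hex digests in either case.
    """
    return [
        name
        for name, expected in report.items()
        if digests.get(name, "").lower() != expected.lower()
    ]


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-local-copy.msg>
    local = digest_file(sys.argv[1])
    mismatches = compare_to_report(local)
    if mismatches:
        print("NOT the reported sample; differing digests:", ", ".join(mismatches))
        sys.exit(1)
    print("Digests match the tria.ge report.")
```

Checking all four digests rather than just MD5 is deliberate: MD5 and SHA-1 collisions are practical, so a sample that only matches on those should not be treated as identical.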

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RE AN Andrewartha ATO RF 7112206980764 SECOFFICIALSensitive ACCES... (12.5 KB).msg"
    1⤵
    • Modifies registry class
    PID:1988
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5000

    Both signature hits in the process tree are attributed to OpenWith.exe, the Windows "How do you want to open this file?" chooser, which the shell launches when no handler is registered for a file's extension. Its appearance directly after cmd /c on the .msg indicates the sandbox image had no mail client associated with .msg, so the message body and any attachment were never opened. The 3/10 score should therefore be read as "not exercised" rather than "clean"; re-submit on an image with Outlook installed, or extract the message contents offline, before drawing conclusions about the sample.

Network

MITRE ATT&CK Enterprise v6
