Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
110s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
24/03/2023, 18:33
Static task
static1
Behavioral task
behavioral1
Sample
phish_alert_sp2_2.0.0.0.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
phish_alert_sp2_2.0.0.0.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
email-html-1.html
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
subscription_agreement_2056677798786.html
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
subscription_agreement_2056677798786.html
Resource
win10v2004-20230220-en
General
-
Target
phish_alert_sp2_2.0.0.0.eml
-
Size
147KB
-
MD5
333109550bf614f1ccabf3b125495551
-
SHA1
16e1e61dc219fad4cd7ee1836e35f29b43a83fb4
-
SHA256
0dd2b43f14f50be2801c608d11c65b161606451f554f28bb9e5cf9db5f27eee5
-
SHA512
fd7837bfac6d82064fefdb6df553354e9e4b846cde3d76e79befae6768ae00a5c856a12a1c7078624028140f55c6e4a38bb515d857a9d296c70419f9b97aa853
-
SSDEEP
1536:ZQuHtRBeAlBnwVw/wUrnXFuDLklgZWdmjiI0JLMmsgMc/U9Ci1xi9JbsszGQnLUB:Zrpll/wqXFuklgZPuGsU9+JbssPl0
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings OpenWith.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml:OECustomProperty cmd.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1280 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml1⤵
- Modifies registry class
- NTFS ADS
PID:4312
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1280