Analysis

  • max time kernel
    1773s
  • max time network
    1582s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/04/2023, 16:49

General

  • Target

    Downloads.rar

  • Size

    3.0MB

  • MD5

    57c86d351518ec1ff97b6e75908fd649

  • SHA1

    efd1c2f146bb7d00f04572ff09b967c3327e7d02

  • SHA256

    bf9a91faa353fd64c737df00486456f93741275999223a7eae4fad4c314d89d0

  • SHA512

    551ae56717631a9169d5bdcb1ff71babea37074093b30a3e829e413853d3ca8a36343a73025f44633a8c7bf1679a7fd6ad4f3a9fc095fb26ab10923bc97f2c3e

  • SSDEEP

    49152:wX0MqnZQrXkutffxj9qoDnUchbWIID485KccRHmkYXwy/DX2oUswUB2UDN:rMqnZAXkupfxpvQIIs85Kt+3/Y8Blh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Downloads.rar
    1⤵
    • Modifies registry class
    PID:3844
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files\7-Zip\7z.exe
      "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Downloads.rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4896
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1676

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

      Filesize

      28KB

      MD5

      795be94d6d3fc4bfd4649deaeb27dda2

      SHA1

      9e402169b8d1d168023a9179a2acb022aa39696d

      SHA256

      3862aae101d738dab7bd53fc7bbcaa18d9e0c4776679f2572cb7375aed594aef

      SHA512

      a2122c314ddf0b0e5ae86524f1956ef0e73ba60b4186e220ed5c9e8e32df2d8eb0a1b14bea95e488f5bdc4e3defa968f4c5ba3828845c6f162d0428940429845