Analysis
max time kernel: 133s
max time network: 31s
platform: windows7_x64
resource: win7-20230220-es
resource tags: arch:x64, arch:x86, image:win7-20230220-es, locale:es-es, os:windows7-x64, system:windows
submitted: 04/05/2023, 00:18
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: snes9x-x64.exe
Resource: win7-20230220-es
2 signatures, 150 seconds

Behavioral task
behavioral2
Sample: snes9x-x64.exe
Resource: win10v2004-20230220-es
3 signatures, 150 seconds
General
Target: snes9x-x64.exe
Size: 9.5MB
MD5: c7329c54df38bf5d38975c6f37058596
SHA1: af158af4986567b25c9224bbccab07d52f83af54
SHA256: b9fe59605eb0773a0b50f4166e42984fe7a724fef949a43a86f4a7b722a550b7
SHA512: 8db507dfd866596457c616d7a8ec017098f438c2a38357bad9b91a782aa5e9f4ffaf967a6e27b51f84a36ff6a9fc3cab702d37c647ccc24a4a7ab71926fd285e
SSDEEP: 98304:oHECIcVMIJAybBtJeFw6ZL6WnEMJvxWPsDL6pB5x7xJ0uniMCD:yECIcV7JVBZW/dx6sDOtJ0uA
Score: 1/10
Malware Config
Signatures

Modifies registry class (39 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\open\command | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.zip\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.gz | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.swc | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.fig | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.bs\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32 | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.smc\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.msu1\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.swc\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.fig\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.bs | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\DefaultIcon | snes9x-x64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe\" \"%L\"" | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.msu1\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.fig\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.sfc\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.sfc\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.zip | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.swc\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe\shell\open | snes9x-x64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe\" \"%L\"" | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.smc | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.sfc | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.bs\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe\shell | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.smc\OpenWithList | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.msu1 | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.gz\OpenWithList\snes9x-x64.exe | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.gz\OpenWithList | snes9x-x64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\ = "Snes9x ROM" | snes9x-x64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe,0" | snes9x-x64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\ = "open" | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\open | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe\shell\open\command | snes9x-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.zip\OpenWithList | snes9x-x64.exe
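As an added example (not code from tria.ge or the Snes9x project), the script below parses IoC lines in the format used by this report and reconstructs the file association the sample registered: which extensions received an OpenWithList entry, the ProgID's friendly name, icon and open command, and whether the handler executable sits under AppData\Local\Temp. The input lines are a subset copied from the report above; the key-to-HKCU translation relies on \REGISTRY\USER\<SID>_CLASSES being the per-user Classes hive that the shell presents as HKCU\Software\Classes. One caveat: the Temp path is where the sandbox placed the sample before running it, so the temp-directory check flags the analysis environment rather than a property of the file; the same check on a real host's registry is the one a responder wants.

```python
r"""Reconstruct a registered file association from tria.ge-style registry IoC lines.

Added example, not code from tria.ge or the Snes9x project.  IoC lines have the shape
    Key created <kernel key> <process>
    Set value (str) <kernel key>\ = "<escaped value>" <process>
where a <kernel key> under \REGISTRY\USER\<SID>_CLASSES is the per-user Classes
hive that the shell presents as HKCU\Software\Classes.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed input: eight of the 39 IoC lines copied from the report above.
IOC_LINES = r'''
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\open\command snes9x-x64.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.zip\OpenWithList\snes9x-x64.exe snes9x-x64.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.smc\OpenWithList\snes9x-x64.exe snes9x-x64.exe
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.sfc\OpenWithList\snes9x-x64.exe snes9x-x64.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe\" \"%L\"" snes9x-x64.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\ = "Snes9x ROM" snes9x-x64.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Snes9x.Win32\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe,0" snes9x-x64.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\snes9x-x64.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\snes9x-x64.exe\" \"%L\"" snes9x-x64.exe
'''

LINE_RE = re.compile(
    r'^(?P<op>Key created|Set value \(str\))\s+'
    r'(?P<key>\S+?)'                    # kernel registry path (contains no spaces)
    r'(?:\s+=\s+"(?P<value>.*)")?'      # only present for Set value
    r'\s+(?P<process>\S+)$')
HIVE_RE = re.compile(r'^\\REGISTRY\\USER\\(?P<sid>S-1-5-21-[\d-]+)_CLASSES\\(?P<rel>.*)$')
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)

@dataclass
class Association:
    friendly_name: Optional[str] = None
    open_command: Optional[str] = None
    default_icon: Optional[str] = None

@dataclass
class Summary:
    progids: Dict[str, Association] = field(default_factory=dict)
    open_with: Dict[str, Set[str]] = field(default_factory=dict)   # ".ext" -> exe names
    app_commands: Dict[str, str] = field(default_factory=dict)     # Applications\<exe> -> command

def unescape(value: str) -> str:
    # The report writes backslashes as \\ and embedded quotes as \"; undo both.
    return re.sub(r'\\(["\\])', r'\1', value)

def to_hkcu(kernel_key: str) -> Optional[str]:
    # \REGISTRY\USER\<SID>_CLASSES\... is what reg.exe shows as HKCU\Software\Classes\...
    h = HIVE_RE.match(kernel_key)
    return None if h is None else 'HKCU\\Software\\Classes\\' + h['rel']

def command_exe(command: str) -> str:
    # First token of a shell\open\command value, quoted or bare.
    m = re.match(r'^"([^"]+)"|^(\S+)', command)
    return (m.group(1) or m.group(2)) if m else command

def parse(lines: str) -> Summary:
    s = Summary()
    for raw in lines.strip().splitlines():
        m = LINE_RE.match(raw)
        h = HIVE_RE.match(m['key']) if m else None
        if h is None:
            continue                        # malformed, or not a per-user Classes key
        parts = h['rel'].rstrip('\\').split('\\')
        value = unescape(m['value']) if m['value'] is not None else None
        if parts[0].startswith('.'):
            # .ext\OpenWithList\<exe>: the process offered itself as an opener for .ext
            if len(parts) == 3 and parts[1] == 'OpenWithList':
                s.open_with.setdefault(parts[0], set()).add(parts[2])
        elif parts[0] == 'Applications':
            if value is not None and parts[2:] == ['shell', 'open', 'command']:
                s.app_commands[parts[1]] = value
        elif value is not None:
            a = s.progids.setdefault(parts[0], Association())
            if len(parts) == 1:
                a.friendly_name = value
            elif parts[1:] == ['shell', 'open', 'command']:
                a.open_command = value
            elif parts[1:] == ['DefaultIcon']:
                a.default_icon = value
    return s

def handlers_in_user_temp(s: Summary) -> List[str]:
    # Handlers whose executable lives under AppData\Local\Temp.  Sandboxes run the
    # sample from there, so in a report this reflects the analysis environment; on a
    # real host a ProgID that points into Temp deserves a second look.
    hits = [p for p, a in s.progids.items()
            if a.open_command and TEMP_RE.search(command_exe(a.open_command))]
    hits += ['Applications\\' + app for app, cmd in s.app_commands.items()
             if TEMP_RE.search(command_exe(cmd))]
    return hits

if __name__ == '__main__':
    summary = parse(IOC_LINES)
    for progid, assoc in summary.progids.items():
        print(f'{progid}: "{assoc.friendly_name}" -> {assoc.open_command}')
    for ext, exes in sorted(summary.open_with.items()):
        print(f'{ext}: OpenWithList {sorted(exes)}')
    print('handlers in user temp:', handlers_in_user_temp(summary))
```

Run against the full 39-line list, the same parser also surfaces the .gz, .swc, .fig, .bs and .msu1 OpenWithList entries; to_hkcu() gives the path to query with reg.exe or Get-ItemProperty when confirming the association on a live system.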
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
1056 | snes9x-x64.exe