Analysis
max time kernel: 119s
max time network: 198s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2023, 14:30
Static task: static1
Behavioral task: behavioral1
Sample: Kirbo.7z
Resource: win7-20230220-en
4 signatures, 150 seconds
Behavioral task: behavioral2
Sample: Kirbo.7z
Resource: win10v2004-20230220-en
3 signatures, 150 seconds
General
Target: Kirbo.7z
Size: 664.2MB
MD5: ebcbcdd2b83f35b6ca75a968a806730f
SHA1: de2961b80fca111f0dcfe6ee905962668e85dcc6
SHA256: fb7797d8d490f3ce33e87bf80b6d267107798fd1e127d806cbf0b15372cdd382
SHA512: 995abf51d5e1ec7d97110265ed8a6f334870ba1c163a722a6f0e1f88c6c72314dc8aa6df1487109ef6a3f5bf1a19d3ee1a6657cccb53d9a3d6a2dfc01ff2674d
SSDEEP: 12582912:G0C/OlEkV3f1hOhsaNenWreGbjXbn21+D5m9MIRS0TpbY3tLBCJlnJpruE4JXMXd:nCcVv1AhsoenWreGfiFuIRSObY9sJbVT
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings; Process: OpenWith.exe
description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings; Process: cmd.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
pid: 2452; Process: OpenWith.exe