Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2023, 14:30

General

  • Target

    Kirbo.7z

  • Size

    664.2MB

  • MD5

    ebcbcdd2b83f35b6ca75a968a806730f

  • SHA1

    de2961b80fca111f0dcfe6ee905962668e85dcc6

  • SHA256

    fb7797d8d490f3ce33e87bf80b6d267107798fd1e127d806cbf0b15372cdd382

  • SHA512

    995abf51d5e1ec7d97110265ed8a6f334870ba1c163a722a6f0e1f88c6c72314dc8aa6df1487109ef6a3f5bf1a19d3ee1a6657cccb53d9a3d6a2dfc01ff2674d

  • SSDEEP

    12582912:G0C/OlEkV3f1hOhsaNenWreGbjXbn21+D5m9MIRS0TpbY3tLBCJlnJpruE4JXMXd:nCcVv1AhsoenWreGfiFuIRSObY9sJbVT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Kirbo.7z
    1⤵
    • Modifies registry class
    PID:4420
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2452

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads