Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

Mercedes-B...al.rar

windows10-2004-x64

3

mercedes_e...un.exe

windows10-2004-x64

1

mercedes_e...lp.cnt

windows10-2004-x64

3

mercedes_e...lp.hlp

windows10-2004-x64

4

mercedes_e...ce.dat

windows10-2004-x64

3

mercedes_e...ev.dhl

windows10-2004-x64

3

mercedes_e..._2.txt

windows10-2004-x64

1

mercedes_e...un.inf

windows10-2004-x64

1

mercedes_e...lt.jpg

windows10-2004-x64

3

mercedes_e...lt.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    80s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2023, 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mercedes_e_class_w124_1985_1995_mult/Run/help.cnt

  • Size

    423B

  • MD5

    854611681197ec1014e68615fc05e63f

  • SHA1

    e68f3f8b156f36786de71bd38b9c6fea6cdb6313

  • SHA256

    cc48373f4b3df5a8f307f7742199a184b1f6c61f88fafb88c6d05ca5fe89b86b

  • SHA512

    27deb8755f2627876afcf765fb2fd648b4aeb527b08871b1efd23685e5730151aaaaca0be280e9cfb57479d039fa7d1aaf378418b88d3a877d16e2f8081405ff

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mercedes_e_class_w124_1985_1995_mult\Run\help.cnt
    1⤵
    • Modifies registry class
    PID:3980
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3168

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads