Analysis

  • max time kernel
    322s
  • max time network
    326s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-es, locale:es-es, os:windows10-1703-x64, system, windows
  • submitted
    12/06/2023, 00:36

General

  • Target

    Nueva carpeta.rar

  • Size

    3.1MB

  • MD5

    570be0eba71407eb421079b5bf2f63a3

  • SHA1

    ba8438cf87e096a496887d4e4ac5845364b0474f

  • SHA256

    d5ab26dd15b9d540ee6c471730dc63c66aab8ae3b409083de087688f877d1c18

  • SHA512

    d9ed826c1d3f1b945b0beef870f98c2a9b55f60c91def6c039e3fc038cf34806433409ca2f7f043d7fe1c7584290a5b191cf32193e0aa01f163debf350453b7a

  • SSDEEP

    49152:w0sXQdnxCN59eB1U0oeKkra+889aqWhPinEVorDr2UbJyrua/Z3g9BWXnTxNFeHj:w864B5fKI7zGPiEYrVVJ+CWXnFNSeC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Nueva carpeta.rar"
    1⤵
    • Modifies registry class
    PID:3148
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Nueva carpeta.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:972
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3640

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlcrc.972
    • Filesize
      93KB
    • MD5
      7d5ef2dffb8d0f8c5dfde20525d9e9ec
    • SHA1
      875f7115389c71f411249b9e619c6c3c76ad4972
    • SHA256
      97f54303096bd3b0925de62fff499ebcaf6b152a7a49a805491b249fc2723b1e
    • SHA512
      a37ad0ecb44b1d10293792bc9b6e79c9d507ccab608ba82576c7e27f6f167a0c122593a2dce5da79a5bb5d6deb5a80707873e69307e106a3632f925c7c0b8d39

  • memory/972-132-0x00007FF64B4C0000-0x00007FF64B5B8000-memory.dmp
    • Filesize
      992KB

  • memory/972-133-0x00007FFD87A40000-0x00007FFD87A74000-memory.dmp
    • Filesize
      208KB

  • memory/972-134-0x00007FFD837D0000-0x00007FFD83A84000-memory.dmp
    • Filesize
      2.7MB

  • memory/972-135-0x00007FFD73C80000-0x00007FFD74D2B000-memory.dmp
    • Filesize
      16.7MB

  • memory/972-136-0x00007FFD72BD0000-0x00007FFD72CE2000-memory.dmp
    • Filesize
      1.1MB