Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

FileSetupThere+.rar

windows7-x64

3

FileSetupThere+.rar

windows10-2004-x64

3

Resubmissions

13/06/2023, 13:21

230613-ql4w2agc84 3

13/06/2023, 09:01

230613-kyvagafe94 10

Analysis

  • max time kernel
    140s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2023, 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FileSetupThere+.rar

  • Size

    15.0MB

  • MD5

    b60ee47ca52121cfa03fc19213b18ab2

  • SHA1

    6c8c8537547e5ab76bbf4451818d6eccb6311219

  • SHA256

    e63738463dcbc69fd4a7e7df7702b2a9453cb315290ad577e662d804fa6a3d97

  • SHA512

    fbbd98261888c21e036001dc64b9ef13ec4e957e31578433a515bcedfab87992f5fd1fc1c74fef62cb6ffb18cac0cc34c2b4eaa9321acedfdc5ab796dc4a883a

  • SSDEEP

    393216:KanehXz9RZ9YMwjXj+WfGesT5bU2jmYhO1c:NnOJRz2SWfG5RKkZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FileSetupThere+.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FileSetupThere+.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\FileSetupThere+.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1772

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-83-0x000000013FE00000-0x000000013FEF8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1772-84-0x000007FEFB650000-0x000007FEFB684000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1772-85-0x000007FEF6A60000-0x000007FEF6D14000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1772-86-0x000007FEFB820000-0x000007FEFB838000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1772-87-0x000007FEFB630000-0x000007FEFB647000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1772-88-0x000007FEFB610000-0x000007FEFB621000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-89-0x000007FEFB5F0000-0x000007FEFB607000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1772-90-0x000007FEFB5D0000-0x000007FEFB5E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-91-0x000007FEFB3C0000-0x000007FEFB3DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1772-93-0x000007FEFB3A0000-0x000007FEFB3B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-92-0x000007FEF67E0000-0x000007FEF69E0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1772-94-0x000007FEFB360000-0x000007FEFB39F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1772-95-0x000007FEFB330000-0x000007FEFB351000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1772-96-0x000007FEFB310000-0x000007FEFB328000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1772-97-0x000007FEF5730000-0x000007FEF67DB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1772-98-0x000007FEF6FE0000-0x000007FEF6FF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-99-0x000007FEF6FC0000-0x000007FEF6FD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-100-0x000007FEF6FA0000-0x000007FEF6FB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-101-0x000007FEF6F80000-0x000007FEF6F9B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1772-102-0x000007FEF6F60000-0x000007FEF6F71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-103-0x000007FEF6F40000-0x000007FEF6F58000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1772-104-0x000007FEF6F10000-0x000007FEF6F40000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1772-105-0x000007FEF6EA0000-0x000007FEF6F07000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1772-106-0x000007FEF56C0000-0x000007FEF572F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1772-107-0x000007FEF6E60000-0x000007FEF6E71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-108-0x000007FEF5660000-0x000007FEF56B6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1772-109-0x000007FEF6A30000-0x000007FEF6A58000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1772-110-0x000007FEF5630000-0x000007FEF5654000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1772-111-0x000007FEF6E40000-0x000007FEF6E57000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1772-112-0x000007FEF5600000-0x000007FEF5623000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1772-113-0x000007FEF55E0000-0x000007FEF55F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-114-0x000007FEF55C0000-0x000007FEF55D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-115-0x000007FEF5590000-0x000007FEF55B1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1772-116-0x000007FEF5570000-0x000007FEF5583000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1772-117-0x000007FEF5550000-0x000007FEF5562000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-118-0x000007FEF5410000-0x000007FEF554B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1772-119-0x000007FEF53E0000-0x000007FEF540C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1772-120-0x000007FEF5220000-0x000007FEF53D2000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1772-121-0x000007FEF50F0000-0x000007FEF514C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1772-122-0x000007FEF50D0000-0x000007FEF50E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-123-0x000007FEF5030000-0x000007FEF50C7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/1772-124-0x000007FEF4F70000-0x000007FEF4F82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-125-0x000007FEF4D30000-0x000007FEF4F61000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1772-126-0x000007FEF4C10000-0x000007FEF4D22000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1772-127-0x000007FEF4880000-0x000007FEF48B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1772-128-0x000007FEF4850000-0x000007FEF4875000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1772-129-0x000007FEF4830000-0x000007FEF4841000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-130-0x000007FEF47C0000-0x000007FEF4821000-memory.dmp

    Filesize

    388KB

    Download

  • memory/1772-131-0x000007FEF47A0000-0x000007FEF47B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-132-0x000007FEF4380000-0x000007FEF4392000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-133-0x000007FEF42F0000-0x000007FEF4303000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1772-134-0x000007FEF4250000-0x000007FEF42EF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/1772-135-0x000007FEF4230000-0x000007FEF4241000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-136-0x000007FEF40B0000-0x000007FEF41B2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1772-137-0x000007FEF4090000-0x000007FEF40A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-138-0x000007FEF4070000-0x000007FEF4081000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-139-0x000007FEF4050000-0x000007FEF4061000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-140-0x000007FEF3F50000-0x000007FEF3F62000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-141-0x000007FEF3F30000-0x000007FEF3F48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1772-142-0x000007FEF3EA0000-0x000007FEF3EB6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1772-143-0x000007FEF3CB0000-0x000007FEF3CD9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1772-144-0x000007FEF3C90000-0x000007FEF3CA2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1772-145-0x000007FEF3C70000-0x000007FEF3C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1772-146-0x000007FEF3C00000-0x000007FEF3C11000-memory.dmp

    Filesize

    68KB

    Download