Analysis
max time kernel: 89s
max time network: 32s
platform: windows7_x64
resource: win7-20230621-en
resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
submitted: 02/07/2023, 16:15
Static task
static1
Behavioral task
behavioral1
Sample
CR___SO_HACK__1337.rar
Resource
win7-20230621-en
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
CR___SO_HACK__1337.rar
Resource
win10v2004-20230621-en
3 signatures
150 seconds
General
Target: CR___SO_HACK__1337.rar
Size: 3KB
MD5: 44df73c6da4aa258f9dd70aaa968d365
SHA1: c4ed4b91ed245700dcf7d1e592c4f7a52ff9113f
SHA256: 76a4f73b932dd826e2ad807e0084d39e19decb186ecfc0dcced29729ac7aa5e4
SHA512: 82558ad75a96a31cdf589ed572977884bd9669bbabf9e4b4b1492b36f13c441c4080972650899207d00d7cf7564f6d50ac95b8168eda362a1cd5de419119eb12
Score
3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3419557010-3639509551-242374962-1000_Classes\Local Settings | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-3419557010-3639509551-242374962-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
428 | vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
428 | vlc.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
pid | Process
428 | vlc.exe
428 | vlc.exe
428 | vlc.exe

Suspicious use of SendNotifyMessage (2 IoCs)
pid | Process
428 | vlc.exe
428 | vlc.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
428 | vlc.exe

Suspicious use of WriteProcessMemory (6 IoCs)
description | pid | Process | procid_target
PID 1748 wrote to memory of 1648 | 1748 | cmd.exe | 29
PID 1748 wrote to memory of 1648 | 1748 | cmd.exe | 29
PID 1748 wrote to memory of 1648 | 1748 | cmd.exe | 29
PID 1648 wrote to memory of 428 | 1648 | rundll32.exe | 30
PID 1648 wrote to memory of 428 | 1648 | rundll32.exe | 30
PID 1648 wrote to memory of 428 | 1648 | rundll32.exe | 30
Processes

C:\Windows\system32\cmd.exe (depth 1, PID 1748)
  cmd /c C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\rundll32.exe (depth 2, PID 1648)
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar
    - Modifies registry class
    - Suspicious use of WriteProcessMemory

    C:\Program Files\VideoLAN\VLC\vlc.exe (depth 3, PID 428)
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar"
      - Suspicious behavior: AddClipboardFormatListener
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
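The process tree above is worth reading before trusting the signatures. `cmd /c` on a `.rar` found no registered handler in the sandbox image, so the shell fell through to `shell32.dll,OpenAs_RunDLL` (the "Open with" dialog), and the analysis environment picked VLC; every remaining signature is ordinary GUI behaviour of vlc.exe, not of the sample. The script below is an added example, not tria.ge code: it rebuilds the parent/child chain from the report's WriteProcessMemory IoC lines (which list each edge three times), de-duplicates them, and flags a chain that passed through the Open-with fallback. The six IoC lines and the three command lines are copied from this report; the regex, the function names and the `PROCESS_NAMES` map are mine.

```python
"""Rebuild a process chain from the flattened WriteProcessMemory IoC
lines of a tria.ge report and flag an "Open with" fallback.

Added example; not code from tria.ge. The IoC lines and command lines
are taken from the report above, everything else is constructed.
"""
import re

# IoC rows exactly as the report lists them (one per line).
IOC_LINES = [
    "PID 1748 wrote to memory of 1648 1748 cmd.exe 29",
    "PID 1748 wrote to memory of 1648 1748 cmd.exe 29",
    "PID 1748 wrote to memory of 1648 1748 cmd.exe 29",
    "PID 1648 wrote to memory of 428 1648 rundll32.exe 30",
    "PID 1648 wrote to memory of 428 1648 rundll32.exe 30",
    "PID 1648 wrote to memory of 428 1648 rundll32.exe 30",
]

# PID -> image name, read off the report's process tree (assumed map).
PROCESS_NAMES = {1748: "cmd.exe", 1648: "rundll32.exe", 428: "vlc.exe"}

# PID -> command line, copied from the report's process tree.
PROCESS_CMDLINES = {
    1748: r"cmd /c C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar",
    1648: r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar',
    428: r'"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\CR___SO_HACK__1337.rar"',
}

# "PID <parent> wrote to memory of <child> <parent> <image> <procid_target>"
IOC_RE = re.compile(
    r"PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) "
    r"(?P=parent) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_ioc(line):
    """Return (parent_pid, child_pid, parent_image) for one IoC row."""
    m = IOC_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    return int(m["parent"]), int(m["child"]), m["image"]


def build_edges(lines):
    """Collapse repeated rows into {edge: times_reported}, keeping order."""
    counts = {}
    for line in lines:
        edge = parse_ioc(line)
        counts[edge] = counts.get(edge, 0) + 1
    return counts


def chain_from(root_pid, edges):
    """Follow parent -> child edges from root_pid; returns a list of PIDs.

    This report has exactly one child per parent, so the first child is
    taken at each step; a visited set guards against malformed cycles.
    """
    children = {}
    for parent, child, _image in edges:
        children.setdefault(parent, []).append(child)
    chain, seen, pid = [root_pid], {root_pid}, root_pid
    while pid in children:
        pid = children[pid][0]
        if pid in seen:
            break
        seen.add(pid)
        chain.append(pid)
    return chain


def is_open_with_fallback(chain, cmdlines):
    """True when any process in the chain is rundll32 running shell32's
    OpenAs_RunDLL, i.e. the "Open with" dialog that appears when the
    sample's extension has no handler in the sandbox image."""
    return any("shell32.dll,OpenAs_RunDLL" in cmdlines.get(pid, "")
               for pid in chain)


if __name__ == "__main__":
    edges = build_edges(IOC_LINES)
    for (parent, child, image), n in edges.items():
        print(f"{image}[{parent}] -> {PROCESS_NAMES.get(child, child)}[{child}] (reported {n}x)")
    chain = chain_from(1748, edges)
    print(" -> ".join(PROCESS_NAMES.get(p, str(p)) for p in chain))
    if is_open_with_fallback(chain, PROCESS_CMDLINES):
        print("chain went through the Open-with dialog; child behaviour is the chosen handler's, not the sample's")
```

Run it against any tria.ge report by pasting that report's WriteProcessMemory rows into `IOC_LINES` and its tree into the two PID maps; if `is_open_with_fallback` fires, discount the signatures raised by the last process in the chain before scoring the sample.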