Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20230621-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/07/2023, 16:15
Static task
- static1

Behavioral task
- behavioral1
  Sample: CR___SO_HACK__1337.rar
  Resource: win7-20230621-en
  8 signatures
  150 seconds

Behavioral task
- behavioral2
  Sample: CR___SO_HACK__1337.rar
  Resource: win10v2004-20230621-en
  3 signatures
  150 seconds
General
- Target: CR___SO_HACK__1337.rar
- Size: 3KB
- MD5: 44df73c6da4aa258f9dd70aaa968d365
- SHA1: c4ed4b91ed245700dcf7d1e592c4f7a52ff9113f
- SHA256: 76a4f73b932dd826e2ad807e0084d39e19decb186ecfc0dcced29729ac7aa5e4
- SHA512: 82558ad75a96a31cdf589ed572977884bd9669bbabf9e4b4b1492b36f13c441c4080972650899207d00d7cf7564f6d50ac95b8168eda362a1cd5de419119eb12

Score
3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description: Key created | ioc: \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings | Process: cmd.exe
  description: Key created | ioc: \REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings | Process: OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid: 4928 | Process: OpenWith.exe