Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
86s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system -
submitted
06/07/2023, 22:10
Static task
static1
Behavioral task
behavioral1
Sample
MaritasGame.rar
Resource
win7-20230703-en
9 signatures
150 seconds
Behavioral task
behavioral2
Sample
MaritasGame.rar
Resource
win10v2004-20230703-en
6 signatures
150 seconds
General
-
Target
MaritasGame.rar
-
Size
46.9MB
-
MD5
2be360b964a23bdb077791fc0b95e5e3
-
SHA1
8b9e207bdfb1307f3f53b52a7a4abb4c6af74f3e
-
SHA256
a9ac9bec8258026d4a82c4bbc46bbf5e7fbdc95acef7619185051a50f8b9a702
-
SHA512
0787c14ae2af4c588984120d1bae32b4010ae788a50e8f37521b5ee544390519f970f90e7f1ac4738e30fd776dd9a7d3033703e8ebbd41ca48f63aa1ee80e03e
-
SSDEEP
786432:a4DKYy7zy3Nz2mM26w6+iMPibavUz9PQABKGNlOJvVoiEKPLYk/f3zNZ4:aMYzc5h57tGBKGNIJOiDD/f3zN2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1724861073-2584418204-2594431177-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3044 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3044 vlc.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 2096 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2096 AUDIODG.EXE Token: 33 2096 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2096 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 10 IoCs
pid Process 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe -
Suspicious use of SendNotifyMessage 9 IoCs
pid Process 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe 3044 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3044 vlc.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 2424 wrote to memory of 2448 2424 cmd.exe 29 PID 2424 wrote to memory of 2448 2424 cmd.exe 29 PID 2424 wrote to memory of 2448 2424 cmd.exe 29 PID 2448 wrote to memory of 3044 2448 rundll32.exe 30 PID 2448 wrote to memory of 3044 2448 rundll32.exe 30 PID 2448 wrote to memory of 3044 2448 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\MaritasGame.rar1⤵
- Suspicious use of WriteProcessMemory
PID:2424 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MaritasGame.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\MaritasGame.rar"3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3044
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2688
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5d01⤵
- Suspicious use of AdjustPrivilegeToken
PID:2096