Analysis
max time kernel: 140s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/07/2023, 20:28
Static task: static1

Behavioral task: behavioral1
  Sample: WinSetView-main/AppData/Win10-Example.ini
  Resource: win10v2004-20230703-en

Behavioral task: behavioral2
  Sample: WinSetView-main/AppData/Win10-Microsoft-Defaults.ini
  Resource: win10v2004-20230703-en

Behavioral task: behavioral3
  Sample: WinSetView-main/AppData/Win10.ini
  Resource: win10v2004-20230703-en

Behavioral task: behavioral4
  Sample: WinSetView-main/Tools/CaptureCustom.vbs
  Resource: win10v2004-20230703-en

Behavioral task: behavioral5
  Sample: WinSetView-main/Tools/WinSetBak.cmd
  Resource: win10v2004-20230703-en

Behavioral task: behavioral6
  Sample: WinSetView-main/Tools/WinSetBak.ps1
  Resource: win10v2004-20230703-en

Behavioral task: behavioral7
  Sample: WinSetView-main/Tools/WinSetView.vbs
  Resource: win10v2004-20230703-en

Behavioral task: behavioral8
  Sample: WinSetView-main/WinSetView.exe
  Resource: win10v2004-20230703-en

Behavioral task: behavioral9
  Sample: WinSetView-main/WinSetView.ps1
  Resource: win10v2004-20230703-en
General
Target: WinSetView-main/Tools/WinSetBak.cmd
Size: 4KB
MD5: 050c3a4f7af319080e7757cd4d2e1565
SHA1: 981e6aa6f8456b5dea79dae29660907a4205576e
SHA256: bddfcf49982865cd780ae877ef9fd2c7e67b9de653f6ff107709269e8d914cd1
SHA512: 9be7b63e48ef977d1769f079d78e88060eea058cdad130dbc590146b2c3a8c09f2f59551641700897c78349ec3207bb1b56bb178a7f6f5cacc586ad28c665d04
SSDEEP: 96:MRjT7Oxdvmxyk5ds5GsO1UoUefYpCiqcxUXK9obuRzgVCPBRkBh/:MRzyjgOxUXK9obuRzgVCPnu/
Malware Config
(none)

Signatures
Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid   Process   procid_target
PID 1236 wrote to memory of 1932   1236  cmd.exe   85
PID 1236 wrote to memory of 1932   1236  cmd.exe   85
PID 1932 wrote to memory of 484    1932  cmd.exe   86
PID 1932 wrote to memory of 484    1932  cmd.exe   86
Processes
1. C:\Windows\system32\cmd.exe (PID 1236)
   Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\WinSetView-main\Tools\WinSetBak.cmd"
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\cmd.exe (PID 1932), child of PID 1236
      Command line: C:\Windows\system32\cmd.exe /c Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop 2>Nul
      Signatures: Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\reg.exe (PID 484), child of PID 1932
         Command line: Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop