Analysis
  max time kernel: 1328s
  max time network: 1156s
  platform: windows10-2004_x64
  resource: win10v2004-20230703-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 12/07/2023, 01:13
  The metadata, signatures and process tree on this page are from the behavioral2 (Windows 10) run; the Windows 7 run (behavioral1, 8 signatures) is not shown here.
Static task
  static1: 1 signature
Behavioral task
  behavioral1: sample MC LAUNCHER.rar, resource win7-20230703-en, 8 signatures, 1800 seconds
Behavioral task
  behavioral2: sample MC LAUNCHER.rar, resource win10v2004-20230703-en, 4 signatures, 1800 seconds
General
  Target: MC LAUNCHER.rar
  Size: 254KB
  MD5: fe0b0249d2ae44e9ed458b2e267b81aa
  SHA1: 8bf9d8d73adb078513e38058d6db96ed9ac4f8fb
  SHA256: b2ed92361b143b7e8d3a78c20ac9b3a11a03c3cee9af9fdf75a4dc57d4b68e74
  SHA512: 29e4982206f96808526bf1a49a413589b88e9e1f676f749c98eb4be128f502478fdd493e0e72d2ec57e4f1b255b83d73f97ad60646eda6f161591e9a639e305b
  SSDEEP: 6144:NLdA/4zWv196TU0BwZb016Zub/JWABzMMA+qr:NLwiWvVFKQaBWAdMP
Score: 3/10
  The behavioral trace records only cmd.exe handing the .rar to the shell, the Open With dialog (OpenWith.exe) and a shell32 COM local-server host (rundll32.exe ... SHCreateLocalServerRunDll); nothing was extracted from or executed out of the archive in this run, so the score reflects how the sandbox image handled the container, not what the archive contains.
Malware Config
Signatures
  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  Modifies registry class (2 IoCs)
    Process       Key created
    cmd.exe       \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings
    OpenWith.exe  \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings
  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    PID 264  OpenWith.exe
  Suspicious use of SetWindowsHookEx (5 IoCs)
    PID 264  OpenWith.exe (all five hook installations come from this one process)
Processes
  All three processes are recorded at the top level of the tree; no parent-child relationship between them is shown.
  C:\Windows\system32\cmd.exe
    Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\MC LAUNCHER.rar"
    PID: 4452
    Signatures: Modifies registry class
  C:\Windows\system32\OpenWith.exe
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    PID: 264
    Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
  C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 2564
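Because the sandbox run above never opened the archive (the shell only raised the Open With dialog), the hashes in the General section and the process tree are all an analyst has to work with. The script below is an added example, not part of the tria.ge report or its tooling: it identifies the container from magic bytes rather than the submitted extension, checks a local copy against the MD5/SHA1/SHA256 printed in the report, and for RAR 4.x archives walks the block headers to list member names without extracting anything. The RAR5 and ZIP branches are added for generality beyond this one sample; the embedded archive bytes are constructed for the demonstration (dummy header CRCs, one stored member) and are not MC LAUNCHER.rar.

```python
"""Offline pre-checks for an archive sample before re-detonating it.

Added example (not tria.ge code). Usage: python check_sample.py <path>
With no path it runs against a constructed RAR 4.x archive built below.
"""
import hashlib
import struct
import sys

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ZIP_MAGIC = b"PK\x03\x04"

# Reference values copied from the report's General section.
REPORT_HASHES = {
    "md5": "fe0b0249d2ae44e9ed458b2e267b81aa",
    "sha1": "8bf9d8d73adb078513e38058d6db96ed9ac4f8fb",
    "sha256": "b2ed92361b143b7e8d3a78c20ac9b3a11a03c3cee9af9fdf75a4dc57d4b68e74",
}


def identify_container(data: bytes) -> str:
    """Classify by leading bytes; the extension a sample arrived with is untrusted."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def hash_sample(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, lowercase hex, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hashes_match(data: bytes, expected: dict) -> bool:
    """True only if every hash in `expected` equals the computed one."""
    actual = hash_sample(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def list_rar4_members(data: bytes) -> list:
    """Walk RAR 4.x blocks and return member file names (no extraction).

    Every block starts with HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2).
    A file header (type 0x74) continues with PACK_SIZE, UNP_SIZE, HOST_OS,
    FILE_CRC, FTIME, UNP_VER, METHOD, NAME_SIZE, ATTR and is followed by
    PACK_SIZE bytes of packed data; other block types carry ADD_SIZE after
    the 7-byte header when flag 0x8000 is set. Header CRCs are not verified.
    """
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive")
    names = []
    off = len(RAR4_MAGIC)  # the marker itself is a fixed 7-byte block
    while off + 7 <= len(data):
        _crc, btype, flags, size = struct.unpack_from("<HBHH", data, off)
        if size < 7:
            raise ValueError(f"bad block header at offset {off}")
        add = 0
        if btype == 0x74:
            pack_size, _unp, _host, _fcrc, _ftime, _ver, _method, name_len, _attr = \
                struct.unpack_from("<IIBIIBBHI", data, off + 7)
            add = pack_size
            name_off = off + 32 + (8 if flags & 0x100 else 0)  # 0x100: 64-bit sizes present
            names.append(data[name_off:name_off + name_len].decode("latin-1"))
        elif flags & 0x8000:
            add = struct.unpack_from("<I", data, off + 7)[0]
        if btype == 0x7B:  # end-of-archive block
            break
        off += size + add
    return names


def build_sample_rar4() -> bytes:
    """Constructed RAR 4.x archive: archive header, one stored member, end block."""
    name = b"payload.txt"
    payload = b"hello"
    archive_hdr = struct.pack("<HBHH", 0, 0x73, 0x0000, 13) + b"\x00" * 6
    file_hdr = struct.pack("<HBHH", 0, 0x74, 0x8000, 32 + len(name)) + struct.pack(
        "<IIBIIBBHI", len(payload), len(payload), 2, 0, 0, 29, 0x30, len(name), 0x20) + name
    end_hdr = struct.pack("<HBHH", 0, 0x7B, 0x4000, 7)
    return RAR4_MAGIC + archive_hdr + file_hdr + payload + end_hdr


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_rar4()
    kind = identify_container(data)
    print("container:", kind)
    print("matches report hashes:", hashes_match(data, REPORT_HASHES))
    if kind == "rar4":
        print("members:", list_rar4_members(data))
```

A mismatch against REPORT_HASHES means the local file is not the sample this page describes and should not be treated as such; a container of "unknown" means the .rar extension is misleading and the bytes need a closer look before anything is detonated.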