Analysis
max time kernel: 143s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/08/2023, 07:16
Static task
static1
Behavioral tasks
behavioral1: sample autoit3.exe, resource win7-20230712-en
behavioral2: sample autoit3.exe, resource win10v2004-20230703-en
behavioral3: sample rsa2.au3, resource win7-20230712-en
behavioral4: sample rsa2.au3, resource win10v2004-20230703-en
General
Target: rsa2.au3
Size: 754KB
MD5: 9720ca39505213d841f6285a8138411f
SHA1: ac677d7a325085bbed8becb73374ef9c37eba68e
SHA256: 82cded542f1769d4962979d307e1eec747ad83a25691227a7395d2286547e02c
SHA512: 00ac130f350eb25416ec2e1c174e53d759867cdf6859a60022abbc8642111275589b482ab4b2ca25990906a2feb4a5a50e40533b6a273f7a2ab3575e66717fee
SSDEEP: 12288:BIk8KnbVr8q2kIUUVR47VT6WNfZtbff2IW0nzQNIeBaEl20E:BI6bVgqIuQmvbfWGzgfaElRE
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (25 IoCs)
  pid | Process
  2332 | OpenWith.exe (25 identical entries)

Caveat when reading these hits: the registry and hook IoCs are attributed to cmd.exe and OpenWith.exe, not to an AutoIt interpreter. OpenWith.exe is the Windows "Open with" prompt, and its presence is consistent with the sandbox image having no handler registered for .au3 files, so these entries more likely reflect the shell asking how to open rsa2.au3 than the script itself executing. The key written, HKU\<SID>_Classes\Local Settings, is the per-user Classes hive that the shell itself updates, which fits that interpretation.
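The two IoC signatures above are rendered as flattened table rows. As an added example (this is not tria.ge's own detection code), the following Python parses those rows as they appear on this page, maps the native \REGISTRY\USER path to the HKU form an analyst would look for in regedit, and re-evaluates the two signatures. The row layout "Key created <key> <process>" and "<pid> <process>", the function names and the hook-count threshold are assumptions of this example; the key, SID, pid and process values are the report's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the IoC rows of this report, one event per string. The row layout
# (action, then key path, then process; pid then process) is this example's assumption
# about how the page renders them; the values themselves are the report's.
REGISTRY_ROWS = [
    r"Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings cmd.exe",
    r"Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings OpenWith.exe",
]
HOOK_ROWS = ["2332 OpenWith.exe"] * 25  # the 25 identical SetWindowsHookEx IoC rows

# Native NT path of a per-user Classes hive: \REGISTRY\USER\<SID>_Classes\<subkey>
USER_CLASSES_RE = re.compile(
    r"^\\REGISTRY\\USER\\(?P<sid>S-1-5-21(?:-\d+){4})_Classes\\(?P<subkey>.+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegistryEvent:
    action: str   # e.g. "Key created"
    key: str      # native NT registry path
    process: str  # image name that performed the action


def parse_registry_row(row: str) -> RegistryEvent:
    """Split 'Key created <path> <process>' from both ends.

    The key path may itself contain spaces ("Local Settings"), so the two-word
    action is taken from the left and the process name from the right.
    """
    parts = row.split(" ", 2)
    if len(parts) != 3:
        raise ValueError(f"malformed registry row: {row!r}")
    key, _, process = parts[2].rpartition(" ")
    if not key or not process:
        raise ValueError(f"malformed registry row: {row!r}")
    return RegistryEvent(f"{parts[0]} {parts[1]}", key, process)


def to_hku_path(key: str) -> str:
    """Map the native \\REGISTRY\\USER\\... path to the HKU\\... form shown by regedit."""
    prefix = "\\REGISTRY\\USER\\"
    if not key.upper().startswith(prefix):
        raise ValueError(f"not a per-user registry path: {key!r}")
    return "HKU\\" + key[len(prefix):]


def modifies_registry_class(events):
    """Signature: key operations inside a user's Classes hive (HKU\\<SID>_Classes).

    Returns (process, subkey) for each matching event so the caller can see
    which process touched which part of the hive.
    """
    hits = []
    for ev in events:
        m = USER_CLASSES_RE.match(ev.key)
        if m and ev.action.startswith("Key"):
            hits.append((ev.process, m["subkey"]))
    return hits


def hook_events_per_process(rows):
    """Count SetWindowsHookEx IoC rows per (pid, process)."""
    counts = Counter()
    for row in rows:
        pid, _, process = row.partition(" ")
        counts[(int(pid), process)] += 1
    return counts


def suspicious_hook_usage(rows, threshold=10):
    """Signature: (pid, process) pairs with at least `threshold` hook installs.

    The threshold is an assumed cut-off for this example, not tria.ge's.
    """
    return [k for k, n in hook_events_per_process(rows).items() if n >= threshold]


def summarize():
    events = [parse_registry_row(r) for r in REGISTRY_ROWS]
    return {
        "registry_class_hits": modifies_registry_class(events),
        "hku_paths": sorted({to_hku_path(e.key) for e in events}),
        "hook_counts": dict(hook_events_per_process(HOOK_ROWS)),
        "hook_flagged": suspicious_hook_usage(HOOK_ROWS),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value}")
```

Running it shows both signatures resolving to the same handful of shell processes (cmd.exe and OpenWith.exe, pid 2332), which is the check worth doing before treating the hits as script behaviour: a per-process breakdown of the IoCs tells you whether the sample or the sandbox's own shell produced them.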