Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/08/2023, 13:21

General

  • Target

    Setting File/MINI KeyBoard/MINI KeyBoard-英文/HidLibrary.pdb

  • Size

    135KB

  • MD5

    6070317c3bd5fa036a2fb6613451c698

  • SHA1

    1b19dcb65c8f31042ce21604112376af92c3d138

  • SHA256

    ff33c180707989f3cff1136b131af640da01999e44cf2d05c1d8bc204633210f

  • SHA512

    df8692e345b36786771c29a392485820928c489cb9600078f75be26a234be79765de36a6e7c5046bb6b9b5b3ebff967d3f34364ce8c0ead7eb33dacddac44211

  • SSDEEP

    768:jBPEPLPu5rpck1lDk8R/3Ntmm/fIoGm4499QQcc663XeJYHnVV2wXg86CzFVry2C:WMXgPCzFVpBLA2X3wwku0XG3why

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Setting File\MINI KeyBoard\MINI KeyBoard-英文\HidLibrary.pdb"
    • Modifies registry class
    PID:3916
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4488

Network

MITRE ATT&CK Enterprise v15
