Analysis
- max time kernel: 99s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20231025-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/11/2023, 14:10
Static task: static1
Behavioral task: behavioral1
- Sample: Prueba.py
- Resource: win10v2004-20231025-en
- 3 signatures
- 300 seconds
General
- Target: Prueba.py
- Size: 225B
- MD5: 8b1ec7d7c47d6c231615f48d2bb07d5f
- SHA1: f76cb3e9dbeed195dcdedd67e21e2fa45154e76f
- SHA256: 4ceeecb3f6d5578e8dbf3b691ff5e5e63052610fe4ade752571e6b11e6943f0e
- SHA512: 2b575f04a3b956144f6008484f9efc2c15fa2d155aac6c223bd568088b3e4acbb8266bd4fbb8161d0e838ffda2f204a03af4425febfa85b122fb6b1dbdc14526
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (17 IoCs)
  pid | Process
  2424 | OpenWith.exe (17 identical entries)
Processes
- C:\Windows\system32\cmd.exe
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Prueba.py
  - Modifies registry class
  PID: 3644
- C:\Windows\system32\OpenWith.exe
  command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 2424
- C:\Windows\System32\rundll32.exe
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 332