Analysis
max time kernel: 145s
max time network: 152s
platform: windows7_x64
resource: win7-20231020-en
resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
submitted: 14/11/2023, 19:09
Static task: static1
Behavioral task: behavioral1
  Sample: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Resource: win10v2004-20231020-en
General
Target: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Size: 2.6MB
MD5: 6174f1c61a30552b58e2e747d7815cd5
SHA1: 465ae65cc7a59d88ec5dc1109bf3be37349c92e2
SHA256: 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab
SHA512: 7c27c4195af45156250103bdd9264c82606d4f22fb2b84c9c5bcdc5af66281d89c38f1b3cd5198db877294dd3e78c4af10644bb4495fad105e7022972f6fc2b3
SSDEEP: 49152:SqA6pDItQ7XxeZ0EW8W/ATyvcO4z1Pq3eAQm:SqFDEiAWvcOuPq3eAJ
Malware Config
Signatures

Identifies Wine through registry keys (2 TTPs, 3 IoCs)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Key opened | \REGISTRY\MACHINE\Software\Wow6432Node\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Key opened | \REGISTRY\MACHINE\Software\Wine | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Suspicious behavior: EnumeratesProcesses (1 IoC)
pid | Process
2248 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
2248 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
2248 | 019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
Processes
C:\Users\Admin\AppData\Local\Temp\019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\019fb19f194def75f942718737a1d691a9a2eee5f571429e9494a1feec3eecab.exe"
  PID: 2248
  - Identifies Wine through registry keys
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx