Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/12/2023, 23:18
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
42b9fe327780a76b70407e45cbbbdb19.exe
Resource
win7-20231215-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
42b9fe327780a76b70407e45cbbbdb19.exe
Resource
win10v2004-20231215-en
3 signatures
150 seconds
General
-
Target
42b9fe327780a76b70407e45cbbbdb19.exe
-
Size
3.0MB
-
MD5
42b9fe327780a76b70407e45cbbbdb19
-
SHA1
ef87faa47bf565e5595534d8b221d308aea7c37c
-
SHA256
5090d2d1f83f3a8fefddd7b33729fe4720e52325caf95b52d3e91cd4f04c1d68
-
SHA512
05ab6189a177434632fa98e884809aaa7d3ceba87854b8fe8621189243320b58bc98dc4b941a6566d22b0cf48eb4871ce9fdd5bb4d4913cf2a8780d42d3cda7a
-
SSDEEP
49152:ljASnaO45SChj0IFeeI/hks47+aIObgdKot:lEIQeeI/R4iavbGt
Score
1/10
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main 42b9fe327780a76b70407e45cbbbdb19.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2056 42b9fe327780a76b70407e45cbbbdb19.exe 2056 42b9fe327780a76b70407e45cbbbdb19.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 2056 42b9fe327780a76b70407e45cbbbdb19.exe 2056 42b9fe327780a76b70407e45cbbbdb19.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2056 42b9fe327780a76b70407e45cbbbdb19.exe 2056 42b9fe327780a76b70407e45cbbbdb19.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\42b9fe327780a76b70407e45cbbbdb19.exe"C:\Users\Admin\AppData\Local\Temp\42b9fe327780a76b70407e45cbbbdb19.exe"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2056