Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/12/2023, 23:22

General

  • Target

    ff98c53195690e34629b01420bce6dcc.exe

  • Size

    727KB

  • MD5

    ff98c53195690e34629b01420bce6dcc

  • SHA1

    8228e1f3a962c632b100a486b8e9fe009d99d7d1

  • SHA256

    b9480da9af87c078dc0ee5364e2c5766e446cbd7c2de38616f01751dce66caa1

  • SHA512

    0a2b2a599e1e0345a4c505e542445a3e73cfa87f80602e860e5c1a5a83f502382b7db140638ddaa857bd3a54ee3678aa2204352decb690f76b706223df0fe8c2

  • SSDEEP

    12288:+u0JRCuzbKed82FlSOrHwsztcywBLNIc5zyZoueDi:N4MMKitSwQCcXjxfE

Score
8/10

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff98c53195690e34629b01420bce6dcc.exe
    "C:\Users\Admin\AppData\Local\Temp\ff98c53195690e34629b01420bce6dcc.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4840-0-0x0000000002360000-0x0000000002361000-memory.dmp

    Filesize

    4KB

  • memory/4840-5-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

  • memory/4840-7-0x0000000002360000-0x0000000002361000-memory.dmp

    Filesize

    4KB