Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
29/12/2023, 23:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
fxt/飞信通客户端/888netsms.htm
Resource
win7-20231215-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
fxt/飞信通客户端/888netsms.htm
Resource
win10v2004-20231215-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral3
Sample
fxt/飞信通客户端/GetPL.exe
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral4
Sample
fxt/飞信通客户端/GetPL.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral5
Sample
fxt/飞信通客户端/飞信通客户端.exe
Resource
win7-20231215-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral6
Sample
fxt/飞信通客户端/飞信通客户端.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
fxt/飞信通客户端/飞信通客户端.exe
-
Size
1.6MB
-
MD5
dc59123a02e358b44eaaf72cf39085d5
-
SHA1
e3ecc4804cf70494b7cf33d0b86c22ff172338ad
-
SHA256
f4d10cee508428d6ddebd71a4faf4e61edc952cedfb12c5ee0acd4931e936584
-
SHA512
10594f389a12e044fa7c6553a2eb432c2a9d0e543999394fb46667e9a4b3f0677df1421c9f4d1271b1e7ffbbdf3c0f867c93915f88c6c29ab54f918c1d458228
-
SSDEEP
24576:3tMo+kiO1KrawnaTaSDYegrk5wS5gh3CVD:D+rO13aqNWrk5wGgxCt
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 36 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 80003100000000009e574a3f100066787400380009000400efbe9e574a3f9e574c3f2e000000293202000000060000000000000000000000000000009d6a880066007800740000001200360000000200efbe02003f003f003f003f003f003f005c003800380038006e006500740073006d0073002e00680074006d00000012000000 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000008f578a5b12004170704461746100400009000400efbe8f578a5b9e574c3f2e00000089e10100000001000000000000000000000000000000138dcb004100700070004400610074006100000016000000 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000008f571364100041646d696e003c0009000400efbe8f578a5b9e574c3f2e0000007ee10100000001000000000000000000000000000000dcd57000410064006d0069006e00000014000000 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000008f57f35d10004c6f63616c003c0009000400efbe8f578a5b9e574c3f2e0000009ce1010000000100000000000000000000000000000019341f004c006f00630061006c00000014000000 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000009e574a3f100054656d7000003a0009000400efbe8f578a5b9e574c3f2e0000009de1010000000100000000000000000000000000000016808800540065006d007000000014000000 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 飞信通客户端.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000008f578a5b1100557365727300640009000400efbe874f77489e574c3f2e000000c70500000000010000000000000000003a0000000000a49fde0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 飞信通客户端.exe Set value (data) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff 飞信通客户端.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 飞信通客户端.exe Set value (int) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1" 飞信通客户端.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2324 飞信通客户端.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 2324 飞信通客户端.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2324 飞信通客户端.exe 2324 飞信通客户端.exe 2324 飞信通客户端.exe 2324 飞信通客户端.exe