Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 02:23

General

  • Target

    4d17cf48dfc38ee82e6122968427487b.exe

  • Size

    86KB

  • MD5

    4d17cf48dfc38ee82e6122968427487b

  • SHA1

    7d590fa03afa1325c34f5f16fa85c39252e168e5

  • SHA256

    0bd48d235209bdd86ad3d5f51da453efaab2c919479cecd6d5cfee3873e63c40

  • SHA512

    f82bea4b6597ccefedf9352fd4f92a2bdd3550727945429e4edada612571c25dd9a8db0ffe79d699d88e4a90103528540aefbf47808519e44ef1f17b376267a8

  • SSDEEP

    1536:vYpMSZhUbtCGSKrTgkWr6cd6MQOiyQBSQlLi8r4Pv:eM8IwG4k7bBSQlLi8rMv

Score
8/10

Malware Config

Signatures

  • Looks for VMWare services registry key. 1 TTPs 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d17cf48dfc38ee82e6122968427487b.exe
    "C:\Users\Admin\AppData\Local\Temp\4d17cf48dfc38ee82e6122968427487b.exe"
    1⤵
    • Looks for VMWare services registry key.
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads