Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-es -
resource tags
-
submitted
10/01/2024, 03:03
General
-
Target
Lossless Scaling Frame Generation .rar
-
Size
1.2MB
-
MD5
abdbd9977e070d18c687718ae159ad6f
-
SHA1
813f8a91e96740b6d21d65ad18cad8092939de38
-
SHA256
9f78f1784007e1d06f66599b0cf3e6a130734041d474875e4436bbee41950aaf
-
SHA512
23fe572a8862412fa586c98611be0872ed54759cc8d1fad3b8662f700c393f9a5d4474347c695c57ce87d9dde61972768fabc29381c4093dd8230a775f1adc10
-
SSDEEP
24576:Uyx2LlU5ABQ+Ewzo6Evw/LLemzO6i9PGPdUiVr/oHnDQTUl8cX:UywLlU5ABQ+no6EyLLXO6i9sOiN02cX
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Lossless Scaling Frame Generation .rar"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Lossless Scaling Frame Generation .rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-