Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

msg0485-384839.jpg

windows11-21h2-x64

3

Resubmissions

18/01/2024, 07:54 UTC

240118-jrka9agbb4 3

18/01/2024, 07:50 UTC

240118-jpctdsgag3 3

Analysis

  • max time kernel
    126s
  • max time network
    127s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18/01/2024, 07:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    msg0485-384839.jpg

  • Size

    127KB

  • MD5

    9c01ef20346aeebc2f7c6ac4124bb94d

  • SHA1

    064d9f3f61efcabce2f903bfa84b91d93858c562

  • SHA256

    fe76926002dca8a671b8026063678a7495e4a25616ea961eb76bac6ae1d80aeb

  • SHA512

    87dba815773f8c7021513c35e7a4f2b1f6c33e066e59c48ba8a3e2d1911601657edba4d46408a2b405ac2df197331b3ec7a28cb4e796bd745f51eddbe8cf960b

  • SSDEEP

    3072:aIllllllkbaJEi2l8l9pAJp+nMUkgnIMI70IcvTukaYmJ:aVWb2l8llMJNMIgbTukY

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\msg0485-384839.jpg
    1⤵
      PID:2008
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4880
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:440
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:232
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:860
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1692
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
        1⤵
        • Modifies Internet Explorer settings
        PID:2984
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
        1⤵
        • Modifies Internet Explorer settings
        PID:3396
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
        1⤵
        • Modifies Internet Explorer settings
        PID:1864
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ResolveUnpublish.wav"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2196

      Network

      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2196-5-0x00007FF74C0F0000-0x00007FF74C1E8000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2196-6-0x00007FFC55700000-0x00007FFC55734000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2196-7-0x00007FFC4EF50000-0x00007FFC4F204000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2196-9-0x00007FFC61A00000-0x00007FFC61A17000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2196-8-0x00007FFC62140000-0x00007FFC62158000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2196-10-0x00007FFC611F0000-0x00007FFC61201000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-11-0x00007FFC60FF0000-0x00007FFC61007000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2196-12-0x00007FFC60730000-0x00007FFC60741000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-13-0x00007FFC50A30000-0x00007FFC50A4D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2196-14-0x00007FFC50A10000-0x00007FFC50A21000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-15-0x00007FFC4ED50000-0x00007FFC4EF50000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2196-16-0x00007FFC45F70000-0x00007FFC4701B000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2196-20-0x00007FFC4ECA0000-0x00007FFC4ECB1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-22-0x00007FFC4EC60000-0x00007FFC4EC71000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-31-0x00007FFC4EA40000-0x00007FFC4EA68000-memory.dmp

        Filesize

        160KB

        Download

      • memory/2196-38-0x00007FFC4E930000-0x00007FFC4E943000-memory.dmp

        Filesize

        76KB

        Download

      • memory/2196-43-0x00007FFC4E580000-0x00007FFC4E5DC000-memory.dmp

        Filesize

        368KB

        Download

      • memory/2196-46-0x00007FFC4E4A0000-0x00007FFC4E4B2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-49-0x00007FFC4E100000-0x00007FFC4E135000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2196-48-0x00007FFC4E140000-0x00007FFC4E252000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2196-47-0x00007FFC4E260000-0x00007FFC4E491000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2196-45-0x00007FFC4E4C0000-0x00007FFC4E557000-memory.dmp

        Filesize

        604KB

        Download

      • memory/2196-59-0x00007FFC4A2E0000-0x00007FFC4A2F1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-68-0x00007FFC4A1B0000-0x00007FFC4A1C1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-67-0x00007FFC4A1D0000-0x00007FFC4A1E1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-66-0x00007FFC4A1F0000-0x00007FFC4A202000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-65-0x00007FFC4A210000-0x00007FFC4A239000-memory.dmp

        Filesize

        164KB

        Download

      • memory/2196-64-0x00007FFC4A240000-0x00007FFC4A256000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2196-63-0x00007FFC4A260000-0x00007FFC4A278000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2196-62-0x00007FFC4A280000-0x00007FFC4A292000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-61-0x00007FFC4A2A0000-0x00007FFC4A2B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-60-0x00007FFC4A2C0000-0x00007FFC4A2D1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-58-0x00007FFC4A300000-0x00007FFC4A402000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2196-57-0x00007FFC4A410000-0x00007FFC4A421000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-56-0x00007FFC4A430000-0x00007FFC4A4CF000-memory.dmp

        Filesize

        636KB

        Download

      • memory/2196-55-0x00007FFC4A4D0000-0x00007FFC4A4E3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/2196-54-0x00007FFC4A4F0000-0x00007FFC4A502000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-53-0x00007FFC4A510000-0x00007FFC4A521000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-52-0x00007FFC4A530000-0x00007FFC4A591000-memory.dmp

        Filesize

        388KB

        Download

      • memory/2196-51-0x00007FFC4A5A0000-0x00007FFC4A5B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-50-0x00007FFC4A5C0000-0x00007FFC4A5E5000-memory.dmp

        Filesize

        148KB

        Download

      • memory/2196-44-0x00007FFC4E560000-0x00007FFC4E571000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-42-0x00007FFC4E5E0000-0x00007FFC4E792000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2196-41-0x00007FFC4E7A0000-0x00007FFC4E7CC000-memory.dmp

        Filesize

        176KB

        Download

      • memory/2196-40-0x00007FFC4E7D0000-0x00007FFC4E90B000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2196-39-0x00007FFC4E910000-0x00007FFC4E922000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-36-0x00007FFC4E980000-0x00007FFC4E992000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2196-37-0x00007FFC4E950000-0x00007FFC4E971000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2196-35-0x00007FFC4E9A0000-0x00007FFC4E9B1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-34-0x00007FFC4E9C0000-0x00007FFC4E9E3000-memory.dmp

        Filesize

        140KB

        Download

      • memory/2196-33-0x00007FFC4E9F0000-0x00007FFC4EA07000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2196-32-0x00007FFC4EA10000-0x00007FFC4EA34000-memory.dmp

        Filesize

        144KB

        Download

      • memory/2196-30-0x00007FFC4EA70000-0x00007FFC4EAC6000-memory.dmp

        Filesize

        344KB

        Download

      • memory/2196-29-0x00007FFC4EAD0000-0x00007FFC4EAE1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-28-0x00007FFC4EAF0000-0x00007FFC4EB5F000-memory.dmp

        Filesize

        444KB

        Download

      • memory/2196-27-0x00007FFC4EB60000-0x00007FFC4EBC7000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2196-26-0x00007FFC4EBD0000-0x00007FFC4EC00000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2196-25-0x00007FFC4EC00000-0x00007FFC4EC18000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2196-24-0x00007FFC4EC20000-0x00007FFC4EC31000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-23-0x00007FFC4EC40000-0x00007FFC4EC5B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/2196-21-0x00007FFC4EC80000-0x00007FFC4EC91000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2196-19-0x00007FFC4ECC0000-0x00007FFC4ECD8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2196-18-0x00007FFC4ECE0000-0x00007FFC4ED01000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2196-17-0x00007FFC4ED10000-0x00007FFC4ED4F000-memory.dmp

        Filesize

        252KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.