Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2024, 06:54

General

  • Target

    OneTimeConfirmation_Retain notification response needed today -Password -expiration -review __ Case #_326317.msg

  • Size

    139KB

  • MD5

    d31547144e718da96d32d0cd7e5c4a06

  • SHA1

    a75189d9ec2d5945eebc8e1ad56d987ae1cbe41c

  • SHA256

    fb4abb9f2d7c2526d0c6869c928a870dac6730d681ce1f2e6f00a5325deb1f18

  • SHA512

    b4073021b558dffbcb131618fef8c27028c5cf197ad26984c13a3cec2dd4f6945e7fa54c3f6adee262573c46a08429c14446f83917ba8d3387d0367d8daaad7b

  • SSDEEP

    768:EJs4uikJMgccYtWcKBWsK3fICR+DNh11fopaqnFkcEdzgWsK5Pfxv8XuGquGDzN5:1i3nWpWfxLwcW4uGquGcSSTNqh7QcC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\OneTimeConfirmation_Retain notification response needed today -Password -expiration -review __ Case #_326317.msg"
    1⤵
    • Modifies registry class
    PID:3000
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3144

Network

MITRE ATT&CK Enterprise v15
