Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/01/2024, 14:16

General

  • Target

    Lucy Greene shared _Private and Confidential from Momentum Broker Solutions Ltd_ with you..eml

  • Size

    10KB

  • MD5

    4417bf7edc1191fff7eb289f36bd0bd1

  • SHA1

    02a6d95c875d543ed1d45aa6856eeee86301234d

  • SHA256

    a3c9f359bdb1782fa2f9458883bd2863a00a1e738cfa64f59b94f28554f19d27

  • SHA512

    794bb00480e66da483edf8df666dc4927638f395dc1915c725159167cc50a6df6ceca4639b6ef220a66aa26d848f878121f168ba9c27f576891d53e2310c7d5a

  • SSDEEP

    192:7cAYLYEw76O+PCumebO2egWSkID2OxKaEmxiYL:7jYLYdGO+PxbOY/8A8YL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 49 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Lucy Greene shared _Private and Confidential from Momentum Broker Solutions Ltd_ with you..eml"
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:4004
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Lucy Greene shared _Private and Confidential from Momentum Broker Solutions Ltd_ with you..eml
      2⤵
        PID:552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Lucy Greene shared _Private and Confidential from Momentum Broker Solutions Ltd_ with you..eml

    Filesize

    10KB

    MD5

    4417bf7edc1191fff7eb289f36bd0bd1

    SHA1

    02a6d95c875d543ed1d45aa6856eeee86301234d

    SHA256

    a3c9f359bdb1782fa2f9458883bd2863a00a1e738cfa64f59b94f28554f19d27

    SHA512

    794bb00480e66da483edf8df666dc4927638f395dc1915c725159167cc50a6df6ceca4639b6ef220a66aa26d848f878121f168ba9c27f576891d53e2310c7d5a