Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
12/02/2024, 12:28
General
-
Target
97273d65603839cf542745359470e8ba.exe
-
Size
4.4MB
-
MD5
97273d65603839cf542745359470e8ba
-
SHA1
d96f1ec8be081e2226f4ca4384f5fcb9f4613f86
-
SHA256
51a9f6c8be826bf9b121848ee255138e73032e3a89f49c3a4d0ae35576e8f645
-
SHA512
1d2bc504969ebeaf9ff4c3dbc562d102976f11caf1f2abcceee23c3078178d241adea0e097c0521abf3872a486b8c0ad5aeeae273703a30f80387918093326b0
-
SSDEEP
98304:JeIt5UwFAoIQ5unMssx3MwCGN/g9Z+KRvubPBdK9+:JeECwF9qMF8Y/g9AjbPrM+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Identifies Wine through registry keys 2 TTPs 2 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 13 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97273d65603839cf542745359470e8ba.exe"C:\Users\Admin\AppData\Local\Temp\97273d65603839cf542745359470e8ba.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ñà×Ó¿ìµÝ´òÓ¡.exeC:\Users\Admin\AppData\Local\Temp\Ñà×Ó¿ìµÝ´òÓ¡.exe2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35B
MD51a3bd1422f59c7cd2e3e2f9bc9daf040
SHA1a8f491a2ed0dcf43d2c1cf23e3d6afb7976026ea
SHA256c6647d77457f93c1ceec3e5f8023e4aa8805c5f90a561cb235a839b2d0af047b
SHA5129d8997a5d1d5e24f841af3ce90089823a85beaf6137b22845154e3705703199a20092cfac1dc4099604a942de23552ffc257bf2d808f0c987973d469e3f64902
-
Filesize
50B
MD50b6872d33b09e6ddea731c68b4ceabb0
SHA16d2a1c2e8c9d9616a2281e74b749569d93419dc9
SHA2560ab2dd3063d7e93358ea2c0356064c7c74a57f80dcbe88680183a170f61e1563
SHA512284a6d0be5a7005149d71224b9843c37355e758a7c88b20a73cc54ec532d4b7fd5c829e970112f6cf7204c998ed58ddac6e18dc0ed51243faccc1711d1d37caf
-
Filesize
15KB
MD57955e2593b426a4ca9b44d10a8d9378e
SHA14651a0d6e2d826074327bd189e3edbec600d9395
SHA2561b3e4b567680e065dcc1fedb2a80503332263a0df8cd723aba460ee3246a9bb3
SHA512470f2da2cb1e342d521f74cc77c55d21843b78a4b099a38c8bd7fc3a6cf6eaaaf0dd4b6a279262080bc02dbbcae381e06e601c70a1a61ea9e23c7e3612ddc75b
-
Filesize
4.4MB
MD597273d65603839cf542745359470e8ba
SHA1d96f1ec8be081e2226f4ca4384f5fcb9f4613f86
SHA25651a9f6c8be826bf9b121848ee255138e73032e3a89f49c3a4d0ae35576e8f645
SHA5121d2bc504969ebeaf9ff4c3dbc562d102976f11caf1f2abcceee23c3078178d241adea0e097c0521abf3872a486b8c0ad5aeeae273703a30f80387918093326b0
-
Filesize
29B
MD5e5dd6eda8fb744cb786490b10fe19551
SHA1011eb525d86573255c0b6853172f4999f99bfe8a
SHA2562759ea8baa1346689681af8d8857e86a73cbca38513a884043b6f7110cbc553f
SHA51250ea43330b9ba3c28d2948230d029bd2ea35b0185fc5ec2a84873a932fa25f80817e428ef289abf9f4423bbbd4d6fda933699f2694968079f7d84a163676e280
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
10.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB