Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Microsoft ...er.exe

windows10-1703-x64

3

Microsoft ...er.exe

windows10-2004-x64

1

Microsoft ...es.dll

windows10-1703-x64

1

Microsoft ...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    796s
  • max time network
    648s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/02/2024, 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Microsoft PID Checker/Microsoft PID Checker.exe

  • Size

    10.6MB

  • MD5

    2c544f4b1a38f88bb994f0dfa8086806

  • SHA1

    f3fff5624015ce70c0f2e0dc170be94b52ab72f3

  • SHA256

    d62a5168dee0927fe69d84d2b3521871be2881dc645d7ea10b485e503316ea73

  • SHA512

    71ccb63c0e8d3f17335be0d78544448cfd951a641e4f899386437a6af49dede9d1bd2a319a1303c2516768f60683c6af67e52d3237de31b3b06ac9d476a03a78

  • SSDEEP

    24576:DgqSboEPwUX4st0WUhMfu2S8RwD4+6QpI2grJ/TAegXuvQSiker0q48Fli/ajLs3:DgqqwJr0D1wXS2g1LZJHnIndasG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Microsoft PID Checker\Microsoft PID Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Microsoft PID Checker\Microsoft PID Checker.exe"
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pkeyconfig.xrm-ms
    Filesize

    995KB

    MD5

    4f2dade1bf4871558ccb974d2f99a32b

    SHA1

    36cdaf38fa3201980a2e4cd923bb347ec8e5864b

    SHA256

    8722ac6d9a224ac7daa13c8f6a68b38b557cf3e71c5c500b2fdcf8c873f0c6f0

    SHA512

    5d9cb8f51af110a23ec160e30e4ce55066e453b8acf1d5fc4e93471f3e60f3a086bd44d616f6c27f90632f42b3eae7b127c9736d9925ef2e078d521c6c68d66d

    Download Submit

  • memory/1488-6-0x0000000005B90000-0x0000000005B9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1488-2-0x0000000005BA0000-0x0000000005C3C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1488-3-0x0000000006150000-0x000000000664E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1488-4-0x0000000005CF0000-0x0000000005D82000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1488-5-0x0000000005F70000-0x0000000005F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1488-0-0x0000000073C80000-0x000000007436E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1488-7-0x0000000005E50000-0x0000000005EA6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1488-8-0x0000000005F70000-0x0000000005F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1488-9-0x0000000073C80000-0x000000007436E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1488-10-0x0000000005F70000-0x0000000005F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1488-11-0x0000000005F70000-0x0000000005F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1488-1-0x00000000008C0000-0x0000000001368000-memory.dmp

    Filesize

    10.7MB

    Download