Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

MFAwTjBMME...k_3g==

windows10-2004-x64

1

MFAwTjBMME...k_3g==

windows11-21h2-x64

1

Analysis

  • max time kernel
    32s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MFAwTjBMMEowSDAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo_X8AUm7+PSp50CDylHxZ86nXBcWJEGuHk_3g==

  • Size

    1KB

  • MD5

    09307b0e931bd0e010ff41d73bfe780b

  • SHA1

    6df3947c17c0bdfbdd1d4df9dd09f2fc1a95c2a4

  • SHA256

    c0c75997abadfc40c5c76bae8f2b7e63b17e12a7f98a01d857fe839a697c3cbc

  • SHA512

    14999287240c8a92aaac8128c136c559d1924ccd62628b8d797059cf747668173d7aa52ff65ac43d3fab8ab1acd1c50674645196db2fc1d50ba7a4d9e361d6bf

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 43 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MFAwTjBMMEowSDAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo_X8AUm7+PSp50CDylHxZ86nXBcWJEGuHk_3g==
    1⤵
      PID:4076
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3752-0-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-1-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-2-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-6-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-7-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-8-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-9-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-10-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-12-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3752-11-0x000001E73DF40000-0x000001E73DF41000-memory.dmp

      Filesize

      4KB

      Download