Analysis
max time kernel: 87s
max time network: 94s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 09/03/2024, 20:23
Static task: static1
Behavioral task: behavioral1
Sample: app.asar
Resource: win11-20240221-en
3 signatures
150 seconds
General
Target: app.asar
Size: 736.0MB
MD5: 83af29be00c087c900b6417a400e6041
SHA1: 90c37f0751702db0ed3a17a70261dd525430a0b0
SHA256: 37a33d5c5704145aaef6bbb3e7af9c96dd4e0385350b778386d902c17ee2363d
SHA512: ac6cfeac9c31843316db8003df9b829c3ec13736722844f2eec071c78c82d7459e0b198de532f2e558e4fad2ea3d5842c72b339e6bc6749367126232e26e7cec
SSDEEP: 393216:Ha/Ov5IiQT/MUFFwVs5vKNrQpPSRF7Bg+gs:wgIpT/rwSUVQiFVOs
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings | OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
240 | OpenWith.exe