Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 23:29

General

  • Target

    R3Air.2.0.0.Release.64/R3.exe

  • Size

    108KB

  • MD5

    c8973d954de8bdfbc8eaf142ddad467a

  • SHA1

    75c9af2e68035c3b6a582bbf133edb2be85091db

  • SHA256

    343f4bca3c8006251bcb4aec1efc2f61d2263418cea6660f1763240af821d6c1

  • SHA512

    bd1d89818c4879ac52ca5e66826d4539fd5b47d27a1e46fcb8339092e8d55af266b70480e567975cdd206aaac9700fcb3da33f7325939699b4610700ee45690b

  • SSDEEP

    3072:/569XWkwazEmk+a/k+DewA3U1MIvbxVSK6NxCwxw:8RwaIJ+glDsUvD8xCb

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3.exe
    "C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:4484
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x518 0x51c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads