Analysis
- max time kernel: 130s
- max time network: 136s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 21/04/2024, 02:21
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: zip.rar
- Resource: win10-20240404-en
- 4 signatures
- 150 seconds
General
- Target: zip.rar
- Size: 114KB
- MD5: 461ddb6faa227a828471051b6271376f
- SHA1: 2823d31637e76d6e8bf5260adf2bb52a59c3e7c8
- SHA256: a0c226069a2cd6fc64f00bdcbe7db806c98de36fe479203135ab6ab15c0a426c
- SHA512: 66d6cc2bfeb5fa5d24c92607111eb773004728b35587f20ae330c99970e0fc591273479809e3962b81e2a4311bb7fa478a6e255cca4e4bd23a23d62c2240ea6b
- SSDEEP: 3072:ts+J9JyLMqjJz/zAhCzjvEGai44JHIJHVmnAko+vXB:t1rJyl7Ahpb4AYAlsXB
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | process
  3416 | OpenWith.exe
- Suspicious use of SetWindowsHookEx (41 IoCs)
  pid | process
  3416 | OpenWith.exe (the same pid/process pair is listed for all 41 IoCs)
Processes
- C:\Windows\system32\cmd.exe
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\zip.rar
  PID: 2452
  signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 3416
  signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx