Analysis
- max time kernel: 143s
- max time network: 152s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 27/04/2024, 22:14
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: silverbllet.rar
  Resource: win10v2004-20240426-en
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: silverbllet.rar
  Resource: win11-20240419-en
  3 signatures, 150 seconds
General
- Target: silverbllet.rar
- Size: 144.5MB
- MD5: fc50b84ed55fb6f340d3fe9f0fe7de92
- SHA1: 9f96ac12162f84a462ff2c247c0530d8c8826857
- SHA256: ac7010253b5e2a1fef924d2afbd5a35b8a6688ed10813625d6ae7489ba16f7bf
- SHA512: c7f4a168303ad37894b9469b120be84b499948c3a4da09cd6cb654005616880716dc986511de3e4554274b4d2b754a65625bfd654f54b6cd893c911793cda210
- SSDEEP: 3145728:0/b1yaL4Ac4p6IXPUm+0B6sHdaRrgEs3Pw2/95J17F86QFjd4b:Q4aL9c4pzXPXB6sHdArdD2R1Kf4b
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description   ioc                                                                                        Process
  Key created   \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings   cmd.exe
  Key created   \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings   OpenWith.exe
- Suspicious use of SetWindowsHookEx (15 IoCs)
  pid    Process
  4624   OpenWith.exe (15 occurrences, all from the same process)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\silverbllet.rar
  PID: 3544
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4624
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4920