Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

@!#SETUP_F..._$.rar

windows10-2004-x64

3

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    @!#SETUP_FILE_2024_PASSCODE_$.rar

  • Size

    23.5MB

  • MD5

    7611e93930a3ebfc3144343b30cd9dcd

  • SHA1

    2fcfefd406cfbade85a6e58aa06442bd925aeb5d

  • SHA256

    e8b27d9776228fec69909096f712fcbf90cd8a335394e3791ac3be7cb37b3556

  • SHA512

    93240b34e717a3c93d1ca7bdb25c7bbfc3bb5969c09c6dacc1dcb6b1e92577da311e006442ce1a5d28c99625abafa666a76b33b4f80f9195669d2702dc7d3673

  • SSDEEP

    393216:FK6+W0Ec0JqaRS46jX7k2E1AIvcGdqwHjW0V/exgk+oraBa8m2kPU0t8:86n0EcqS5X7OiIUNwD3eh+fBu2uU0t8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\@!#SETUP_FILE_2024_PASSCODE_$.rar
    1⤵
    • Modifies registry class
    PID:1372
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\@!#SETUP_FILE_2024_PASSCODE_$.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    114B

    MD5

    6e5dc14b679af007807c132f616ebacd

    SHA1

    62e4b2871344089b7cbc181ee7f41e4a75b732aa

    SHA256

    308e8a3b910fbd37b4e92a2025641fcae0e76e4ecaeb541a25183b90036f1858

    SHA512

    3a00772edb56b037ec10327cd07ef1b185ce0612d76cc547c764fcf87f8ffc17acb2255f04331b62a4c0ecf80b1b6a4696a817959b0eada4b8ebf06ef5dbc2e4

    Download Submit

  • memory/656-22-0x00007FFBE3880000-0x00007FFBE3891000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-7-0x00007FFBD40E0000-0x00007FFBD4396000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/656-14-0x00007FFBE43B0000-0x00007FFBE43C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-12-0x00007FFBE43F0000-0x00007FFBE4401000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-13-0x00007FFBE43D0000-0x00007FFBE43ED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/656-9-0x00007FFBE4450000-0x00007FFBE4467000-memory.dmp

    Filesize

    92KB

    Download

  • memory/656-11-0x00007FFBE4410000-0x00007FFBE4427000-memory.dmp

    Filesize

    92KB

    Download

  • memory/656-21-0x00007FFBE4000000-0x00007FFBE4011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-5-0x00007FF714740000-0x00007FF714838000-memory.dmp

    Filesize

    992KB

    Download

  • memory/656-15-0x00007FFBD3CE0000-0x00007FFBD3EEB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/656-8-0x00007FFBE9F80000-0x00007FFBE9F98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/656-23-0x00007FFBD0110000-0x00007FFBD0127000-memory.dmp

    Filesize

    92KB

    Download

  • memory/656-10-0x00007FFBE4430000-0x00007FFBE4441000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-20-0x00007FFBE4060000-0x00007FFBE4071000-memory.dmp

    Filesize

    68KB

    Download

  • memory/656-19-0x00007FFBE4180000-0x00007FFBE4198000-memory.dmp

    Filesize

    96KB

    Download

  • memory/656-18-0x00007FFBE3D00000-0x00007FFBE3D21000-memory.dmp

    Filesize

    132KB

    Download

  • memory/656-17-0x00007FFBE4360000-0x00007FFBE43A1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/656-16-0x00007FFBD2C30000-0x00007FFBD3CE0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/656-6-0x00007FFBE4210000-0x00007FFBE4244000-memory.dmp

    Filesize

    208KB

    Download

  • memory/656-43-0x00007FF714740000-0x00007FF714838000-memory.dmp

    Filesize

    992KB

    Download

  • memory/656-45-0x00007FFBD40E0000-0x00007FFBD4396000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/656-44-0x00007FFBE4210000-0x00007FFBE4244000-memory.dmp

    Filesize

    208KB

    Download

  • memory/656-46-0x00007FFBD2C30000-0x00007FFBD3CE0000-memory.dmp

    Filesize

    16.7MB

    Download