Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

f3afb18f99...5b.exe

windows7-x64

1

f3afb18f99...5b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3afb18f99b1605d27684272b76f0442d1716aec97fde407649802b02bc0a05b.exe

  • Size

    1.1MB

  • MD5

    16c44de0c5e9ec7b67e1b69ed9971eac

  • SHA1

    3a3c29840867d66330f60a68e0a390dcbe2e1095

  • SHA256

    f3afb18f99b1605d27684272b76f0442d1716aec97fde407649802b02bc0a05b

  • SHA512

    49fa49c537ae519c51324cfd91f8a35cce9ade9b9ce41b2c476e9a69db60b3573ccca8e83feb37b38e1a0fa12031cbb9f822690ad7b1c54b0aca94907257c3a8

  • SSDEEP

    24576:XAHnh+eWsN3skA4RV1Hom2KXMmHaARa2gKciSkgBh95:Kh+ZkldoPK8YaARyZkY9

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3afb18f99b1605d27684272b76f0442d1716aec97fde407649802b02bc0a05b.exe
    "C:\Users\Admin\AppData\Local\Temp\f3afb18f99b1605d27684272b76f0442d1716aec97fde407649802b02bc0a05b.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut5488.tmp
    Filesize

    266KB

    MD5

    5f7bad6f475ff248487664d016c321da

    SHA1

    8fae092f27c2df0605b613f7cfaf558b684cd807

    SHA256

    7f2983e8552161ea705ccf2ec68f00feccad8194cba6dab0725177820dd843c3

    SHA512

    c2b22e5190594d022bfbfdf27548464f974609fd07cb7b1e37ceda72b189e6893a062aeb0a1a6d3fe4f2a99673dd978c9ba9f98a562e6ae49605ad88984526b8

    Download Submit

  • memory/3980-12-0x00000000017F0000-0x00000000017F4000-memory.dmp

    Filesize

    16KB

    Download