Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

b0db234436...34.exe

windows7-x64

9

b0db234436...34.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0db234436f22c8e8ffa8710188e99ca67149df40fad9c76fe7c6560ccd77434.exe

  • Size

    5.7MB

  • MD5

    fb8e5e0af8afa722693c289e42bec423

  • SHA1

    29c11d35eb8638aa8e1218bf8cca17a83a0a211e

  • SHA256

    b0db234436f22c8e8ffa8710188e99ca67149df40fad9c76fe7c6560ccd77434

  • SHA512

    8534fb82d0c85e063c3667912f477dbd7259f56a59f3f33534dc179469709404c460f5a87ead62ea03b129970f6a8215d8acd82fc1ca94c70137d9acb5d65cf2

  • SSDEEP

    98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLfkV5idp/:+/SACkCkyhXQ6ldGsTQN7pDzkjir/

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0db234436f22c8e8ffa8710188e99ca67149df40fad9c76fe7c6560ccd77434.exe
    "C:\Users\Admin\AppData\Local\Temp\b0db234436f22c8e8ffa8710188e99ca67149df40fad9c76fe7c6560ccd77434.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    3KB

    MD5

    5f53689f6f3d1d91df37e1faa0d7c92d

    SHA1

    afa77a098cff45361b5d84bb6b064441fc501fe6

    SHA256

    d93074475664033f7b515775e44ed515f6815e4cc1f84dcce5f41db42cf2612f

    SHA512

    ffc285c9ce78de7671da3bd523e061ba1ee382cb011e72a1caf78e6c05ca23286e227932f5364db92f82f41aa95a92bb99a545107dfac272524e7ac6810458ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    4KB

    MD5

    62c9e0c8a86a2b2ad99ab93d67d3be9f

    SHA1

    73b801f0961c26d1a7ec7b47914911736151a856

    SHA256

    4dc75c47d65ed8c51ec60f5a1d15ff591e50b5d329eaf9fe9f3366e0cce88e28

    SHA512

    f96945fb806488cf5e1a2c1f9118230a06d24599fc6e7f46974fc6ec0a9bc32465455d0bb3e11aad72593a910258a7122d9aa134182948d9ce9fddaea8d2bd0d

    Download Submit