Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
24/05/2024, 08:40
General
-
Target
3a101eabbc7a34f6f8257642cace066675a5cce75b81a8371b0d83f00bb6fa81.exe
-
Size
5.7MB
-
MD5
f1dc3b202c1f1fed1b762c77e783fb91
-
SHA1
df9bd55296aec249da1a0a3164b54d91e91478f8
-
SHA256
3a101eabbc7a34f6f8257642cace066675a5cce75b81a8371b0d83f00bb6fa81
-
SHA512
a71249a709560b7509693f03a6f90f61b2f88dc5905aff6c3aeae47378b357a267efb67954696efb050ce35609a6e173d1fdbf8c69162aa836bda36b2ac9fad8
-
SSDEEP
98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmjkV4:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85D
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a101eabbc7a34f6f8257642cace066675a5cce75b81a8371b0d83f00bb6fa81.exe"C:\Users\Admin\AppData\Local\Temp\3a101eabbc7a34f6f8257642cace066675a5cce75b81a8371b0d83f00bb6fa81.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD59af399807d86d381b752c558b98fddbc
SHA1768f624b7384e727de7f38bc91e0da9a8a47b6b9
SHA256799eaf3f7e043ee58e42551e358111ad1d1fe381714df96be484bbaed0bd56a2
SHA512a8f75cfa2b924e10717aebaae45ba1c4a633ba6d0df8f5758891c18b53e819042c9bc3a35989adff04262a6563c2e3e4427962df8f7d0a90a51d323b318d3013