Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

4f9dfd37f9...26.exe

windows7-x64

9

4f9dfd37f9...26.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    136s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

  • Size

    5.7MB

  • MD5

    7724c27125c88723d0d92c8652985a49

  • SHA1

    4116f8c1769ef2f9776b0a04462205d0ce1298de

  • SHA256

    4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426

  • SHA512

    e28adc5105792c5a6b7ff24960886e339671bbb5b0066816f08d94b70b2edac610c2728f7d52ec98033172c7cd658fca777c834ee305b13dcbf9cb9d3c452907

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVB:uMD+cpvJ/4H3nmghWoa/fsysMF4JD854

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
    "C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    652B

    MD5

    8b892144c0d50116e7116c107f959e90

    SHA1

    c20c0da1f8fa4b1cd8124993013557cfe1b842b7

    SHA256

    0cb8e0d0165d9f3da16f2d08411f216a6320eae3ff8639d49ea3476fb252b52f

    SHA512

    2cc9c7f1d9954345880bb0b1eda1941f759170b158bfd88aac4be3f4ec9d4d13b17dab6e3292ff0ce412893b0ae2ba53d57f866cd6efb4f58c873f05761650e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    3KB

    MD5

    9316dd972e66a3bf9731807279429e4c

    SHA1

    67cdd63e1d2c54eb2cdca6082d8c97cd9ab287cf

    SHA256

    ff7247d1d7162f3e52a54072a0944b02ce7217a78afa3def722356e305719dd2

    SHA512

    b08a5aa8a5368d131fc153bfebf818422a41428bae160a7626098e978509d2dcf5da64ecdce0e89eaa6ad3e7fada51992eee2c97a325ede163dd4fc3fd041c4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    7KB

    MD5

    87f17922d66b24bff35704556ea4a048

    SHA1

    41a02466a4b9ec7c6947c85beb2ccd9b3aaab1f3

    SHA256

    93bca4264692b11e2d72d1f93aada4b524d8dc6ef202f1f9eebee84b1a878422

    SHA512

    6a1c9a0cf021e0d3e6f5e60246c491cac87a2b8d0e215f03a15485502bbe6c6b651521f755edc40030978e38d18c91a6796aeb05ba094fe22e729a6e59461559

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    383B

    MD5

    68ae9949289b710d20737d1d861813a5

    SHA1

    996a29c0a3cb7d2babdd82547f40fba1517f1493

    SHA256

    1c211dc7e67ccbe2cb097a0fc80d8c6ec9f00ddb072e5bcfd134ed0f4a518af9

    SHA512

    25780b280cbb67d81ce69316090716223bd77f1f1adbb6be1b90c66d23f7bbcf09a07856932b7d454e8194a824205f56ebc7fe942d194c6a35baeac4f105153f

    Download Submit