Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10MENU.bat
windows7-x64
7MENU.bat
windows10-2004-x64
7Work/RegToScript.exe
windows7-x64
1Work/RegToScript.exe
windows10-2004-x64
1Work/RestExplorer.exe
windows7-x64
8Work/RestExplorer.exe
windows10-2004-x64
8Work/SoundChanger.exe
windows7-x64
7Work/SoundChanger.exe
windows10-2004-x64
7Work/TrInstaller.exe
windows7-x64
1Work/TrInstaller.exe
windows10-2004-x64
1Work/cecho.exe
windows7-x64
7Work/cecho.exe
windows10-2004-x64
7Work/explorer.exe.dll
windows10-2004-x64
1Work/nircmd.exe
windows7-x64
1Work/nircmd.exe
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
29/05/2024, 16:33
Behavioral task
behavioral1
Sample
MENU.bat
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
MENU.bat
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Work/RegToScript.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
Work/RegToScript.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Work/RestExplorer.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
Work/RestExplorer.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Work/SoundChanger.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
Work/SoundChanger.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Work/TrInstaller.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
Work/TrInstaller.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Work/cecho.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral12
Sample
Work/cecho.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Work/explorer.exe.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Work/nircmd.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral15
Sample
Work/nircmd.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
Work/RegToScript.exe
-
Size
941KB
-
MD5
86ff97b1873b136a0ca5e6409f4760bc
-
SHA1
72e3c177e8f6de279bbac981eb4229fced7baf2b
-
SHA256
ff14c17e3e380f4557b413f8a77fa40c8404a40a94d4719c0b33af2f58bd0a95
-
SHA512
736473b2953394ae9de6f031c3c08438d2dff48c83e0c1892d086151968a7ef17af1069c2e115f7cd9d6272825c1ee84bc6aaeaa469507863debabb44108e06b
-
SSDEEP
24576:yfTkD0E003ubc2MRgCmP/ZwIDzq+Iha5a0HhI:GG00SSgCmP/ZwYj48a0B
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1976 RegToScript.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe 1976 RegToScript.exe