Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Pooke.rar

windows11-21h2-x64

3

Pooke/Pook...PS.exe

windows11-21h2-x64

8

Pooke/Pook...NS.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/06/2024, 09:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pooke.rar

  • Size

    148KB

  • MD5

    b67d5c1d1e4c7950d4341b222c6c5453

  • SHA1

    daef15677c530064c8373825279e93707de5bd13

  • SHA256

    061c630a9036efc0e9c77b447346c8d626f7cc48b79919e1f9ae1ef66a38a89d

  • SHA512

    a22b79003fff6b6a8f7402e855082b97c03f810a3acd13aab93e27f2aad9c419ab2481b359a843ad3cca7310f3431b290519800cb1632636ee364a73f0908ab6

  • SSDEEP

    3072:JiK7rSFct+BuRLFqFyhfK8C/Ozb+5LnM1nEgF08p:0K7WqsBu3Pzb+ZO1p

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Pooke.rar
    1⤵
    • Modifies registry class
    PID:908
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.