Analysis

  • max time kernel
    443s
  • max time network
    445s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-fr
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-fr, locale:fr-fr, os:windows10-2004-x64, system, windows
  • submitted
    04/06/2024, 11:11

General

  • Target

    FACTURE N° 1000722208 _ AVENANT A LA COMMANDE N° 5100002712 DU 02.05.2024.eml

  • Size

    157KB

  • MD5

    5a16497ccc1f502729ecb8bf996e6935

  • SHA1

    c8b54cbfdbf7366dda5c80a4ab8f8a5c28701b7b

  • SHA256

    42d8bb2b389a85a7472e9266793c2110dbb95393fe46ca808187d46e746263b1

  • SHA512

    13468f6ef295532867747afb6f8a79e5d3900cb37b790070a6fa87791d45b71e832965b04f5515126fc1c888721055aa1f5588c7e54428076b356469f68f0424

  • SSDEEP

    3072:8CHRB/S7WiSNbqV/HoF4rm456HuCcgV/JMxVva9EBo6p/5:8CHSUNbQHrm4EHuUVh+Vv4Opx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (TTPs: 1)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (IoCs: 2)
  • NTFS ADS (IoCs: 1)
  • Suspicious use of SetWindowsHookEx (IoCs: 27)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\FACTURE N° 1000722208 _ AVENANT A LA COMMANDE N° 5100002712 DU 02.05.2024.eml"
    • Modifies registry class
    • NTFS ADS
    PID:4832
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5088

Network

MITRE ATT&CK Enterprise v15
