Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
05/06/2024, 08:30
Static task
static1
Behavioral task
behavioral1
Sample
4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Resource
win10v2004-20240508-en
General
-
Target
4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
-
Size
6.2MB
-
MD5
9072d9128443a508754f45933141ed39
-
SHA1
e7c3fe94caa4a0e38ce8d97bf5be60e9868f4cf1
-
SHA256
4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7
-
SHA512
05efdb365adc4813088b8bd2e499724e5fbc1b100c385e311cab8b852cbb0f9ea2f173042621f99211cd13a6d6934fbcee91922d064ea51e3e54bdc538605be5
-
SSDEEP
196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lSiY9pkjiA:oMFgXnU7sElG9pyX
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2164 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2164 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 2164 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe"C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2164
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
652B
MD5c0c857f0154bcf2e4fffcec337fae713
SHA17d795023ad43f83a77e508ed0e75e6c4ab6c6cbd
SHA256804427aea91477c42f240b5fd23ce40c0b308a620eb5d68db16dac7276eaeebd
SHA5125fef3d90162b823f3a5186ed3fb2ea5bd500cc27f6c36e6fe55dfbee94d0742edce087fb278ca3a6608308eb7df15b2065edaa6f58d64db59a0880581092432a
-
Filesize
9KB
MD5e03121050a4512cf06abc24876b4e72a
SHA1b59dbfdc39541b49bb20e49bad13f23b6b6b5e44
SHA256b98fd25af5e74a60c707ac6ffc4b9a412f4d5a50ad98f0539cae782596ea7497
SHA51213f5a17f7ac9ac1b7c4a8311656586fdb57df4471cc7e86442f7dde604600c489d3edbcbd0c2f6915e0dab17ba15253a4e60cf99a1646cab79666e3fdb9296f5
-
Filesize
252B
MD5b0fcfc20920cdb6d5e1611daad6c9a1e
SHA1fb09c59c2ca810f4f91a38992d6c19d7521bb95d
SHA25686ae0ee60e30982a54b0759f9ced1a10a970dc5f65a1dd49faa42740b8c50c0f
SHA512318446783f9bf01d6bf6efd09d6de0c34acbc4f62c7a8631f45140131ad4a6f12874146cb15570a0fa643b85122dd894b0b4d56656e993a0b8f10af8f95281bf