Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/06/2024, 08:30
Static task: static1
Behavioral task: behavioral1
- Sample: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Resource: win10v2004-20240508-en
General
- Target: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Size: 6.2MB
- MD5: 9072d9128443a508754f45933141ed39
- SHA1: e7c3fe94caa4a0e38ce8d97bf5be60e9868f4cf1
- SHA256: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7
- SHA512: 05efdb365adc4813088b8bd2e499724e5fbc1b100c385e311cab8b852cbb0f9ea2f173042621f99211cd13a6d6934fbcee91922d064ea51e3e54bdc538605be5
- SSDEEP: 196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lSiY9pkjiA:oMFgXnU7sElG9pyX
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoCs)
  description: Key opened
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions
  Process: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid: 3316, Process: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
  pid: 3316, Process: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 3316, Process: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
- Suspicious use of SendNotifyMessage (1 IoCs)
  pid: 3316, Process: 4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Processes
C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
"C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe"
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3316
Network
MITRE ATT&CK Enterprise v15
Downloads