Resubmissions

07/06/2024, 20:36 UTC

240607-zdyjqadg85 3

07/06/2024, 20:33 UTC

240607-zb1ajadg75 4

Analysis

  • max time kernel
    456s
  • max time network
    523s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07/06/2024, 20:36 UTC

General

  • Target

    unnamed.png

  • Size

    19KB

  • MD5

    5c0ffadb7a78d5dfeae169e5639874ca

  • SHA1

    c976c074236b396fa082bc04db0cbd668597aa57

  • SHA256

    44a315d194832d2701d0038989f2a33f52e6b64d0a6407f2d8174be77107ffd7

  • SHA512

    e4a7a18675d45fbe446d2581c15784735a00f56f869e4accba5d9a6f5773dfc3c9bc80e8333a14fd6c1ae35db509e6d1e08f37a2a60824c8670a0e63a1d82504

  • SSDEEP

    384:aZPgh67G5nwisTHK1g+ixU1/NNlsET70d/KEh1sI3ic:SNWsP+QMvgKEh/3ic

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\unnamed.png
    PID:4860
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2488

    Network

      No results found

      Destination         Host                              Protocol  Sent    Received  Packets out  Packets in
      184.28.176.18:443   www.bing.com                      tls       32.8kB  228.8kB   242          213
      23.62.61.97:443     r.bing.com                        tls       1.2kB   5.3kB     16           13
      23.62.61.97:443     r.bing.com                        tls       1.1kB   5.2kB     15           12
      23.62.61.97:443     r.bing.com                        tls       78.3kB  1.8MB     1369         1325
      23.62.61.97:443     r.bing.com                        tls       1.1kB   5.2kB     15           12
      23.62.61.97:443     r.bing.com                        tls       1.2kB   5.3kB     16           13
      23.62.61.97:443     r.bing.com                        tls       1.1kB   5.2kB     15           12
      104.208.16.88:443   browser.pipe.aria.microsoft.com   tls       3.1kB   7.5kB     19           14
      52.111.229.43:443   -                                 -         322 B   -         7            -

      No results found

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

      Filesize

      10KB

      MD5

      e91ba7113b9ee73bf73cfbf795374b4f

      SHA1

      beef122500329c4babf0903b183e7ecc933a234a

      SHA256

      71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98

      SHA512

      7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

      Filesize

      10KB

      MD5

      2b4dd1474237a4dc70e20f421915ac73

      SHA1

      d584be2833b590e89e2de69626463c89f6637baf

      SHA256

      f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d

      SHA512

      f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e
