Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
40s -
max time network
48s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
10/06/2024, 22:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
client_protected.exe
Resource
win11-20240508-en
2 signatures
300 seconds
General
-
Target
client_protected.exe
-
Size
454KB
-
MD5
be0061137b50b995b369c993aa328832
-
SHA1
0ad883878b7cc252049af0ed2044091f331c1f7a
-
SHA256
fc3347a3ae67c400cbd23c7e783d66346456cc4b2cdb1e1ddff0c81e57f2a3c2
-
SHA512
fe0a8ce4109df51ec6eb6862abd334aebe759b1fd8a3b602956d6df8b72602c325ccbc052267e54c2b017a47d7626edf591562e621eef5b1f97e08541bf94715
-
SSDEEP
12288:BjVFrnothLliWD5lt3O+7GlenrVK+zlr/ZhD:xbotTiM5lt3hGgnLzlH
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 1 api64.ipify.org -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString client_protected.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 client_protected.exe