Analysis
max time kernel: 134s
max time network: 136s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 21/06/2024, 19:20
Behavioral tasks
behavioral1   Sample: Electron_V3.rar                       Resource: win10-20240404-en
behavioral2   Sample: Electron V3/ElectronV3.exe            Resource: win10-20240611-en
behavioral3   Sample: Stub.pyc                              Resource: win10-20240404-en
behavioral4   Sample: Electron V3/bin/agree.txt             Resource: win10-20240404-en
behavioral5   Sample: Electron V3/scripts/Inf Yield.txt     Resource: win10-20240404-en
behavioral6   Sample: Electron V3/workspace/IY_FE.iy        Resource: win10-20240404-en
General
Target: Electron_V3.rar
Size: 9.2MB
MD5: 99b597e902a287776b31409c6360d0e1
SHA1: 27cb1da608b4b9b88a588c03c6f50681189ea33e
SHA256: 499ed20a8f9a54f7631ed0a296bfc1c5e914c2fd3ed73fbb77c40dd2b861faf4
SHA512: 006e60920a2b85680fc4ebb03dfa77eb016e84f293e938c7037dea7ea5145e2f31cebf16dc29713a32bfb9ddacf65f974f7fd26adf21f0f99f40f33561a9ff51
SSDEEP: 196608:OZp4dT6flSf169O4tqtkj+AI7WVi+obw1Y5gLrhn2rRyoA7NbKYOxHRilA:OZelN69OvtkKAIP+obwtXh2rkoA7NbKN
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description   ioc                                                                                     Process
  Key created   \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings   cmd.exe
  Key created   \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings   OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid    Process
  2556   OpenWith.exe
- Suspicious use of SetWindowsHookEx (29 IoCs)
  pid    Process
  2556   OpenWith.exe (29 identical entries for this pid/process)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Electron_V3.rar
  PID: 4948
  Signatures:
  - Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 2556
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx