Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

5684bacad2...16.exe

windows7-x64

9

5684bacad2...16.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5684bacad212c89707f53f052cf4e3261b397110e9424e764772db7010deca16.exe

  • Size

    5.7MB

  • MD5

    6670376842668c9015833b07fc6b92ef

  • SHA1

    dd3471fef9630b46a3e734cf76232ddeeefe8b82

  • SHA256

    5684bacad212c89707f53f052cf4e3261b397110e9424e764772db7010deca16

  • SHA512

    9de5569a05f3011ef814c682f2995ea67dbbce02625e76627182fd05e43a1d0b360bd533899f2771f09b4b4ba216ac6a0323510f24eb72931e554f4c1d4a34f5

  • SSDEEP

    98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmMkVp:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85B

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5684bacad212c89707f53f052cf4e3261b397110e9424e764772db7010deca16.exe
    "C:\Users\Admin\AppData\Local\Temp\5684bacad212c89707f53f052cf4e3261b397110e9424e764772db7010deca16.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    576B

    MD5

    d3331d5026320673e7a2a47c7ed2f689

    SHA1

    8d462f72b40a48d01583db46628fa27601941348

    SHA256

    02d2b8d344a57c93471f28792058f120248eca5c19f9d8e0e06389b932c6621b

    SHA512

    d0c583dcbb52edd671481294faaff4f2191b23600306d6df1e0c5e2d15ab3833eb307948db2b043120939221376ff94c790d89645ecd9be0394f3e98425538cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    7KB

    MD5

    efb26555af34d6bbcc7cc7f2c8304016

    SHA1

    51289213c0ed1294203d9b329bf80fafa21ca71a

    SHA256

    d7f7de3e09b2ba0b81f7cb7f231665c6e9eb8165cee650e82b24c748d79b0b64

    SHA512

    4cc634c8ed77898c79c69e9c753414704508ab6d801283400d2fa74e17463c79463e107ad45bb4a29064b8ac27475cf51a72a3380c3bdf384ad7db21e5e49a8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    252B

    MD5

    cc9a33673030ed7bbd8312f88e6226a1

    SHA1

    072095bed717e6fe8a0e16e9191fe1f3e02ba4ff

    SHA256

    fa393410123e4760f15c92e1901974a87da22fabc719590317cbcbba90db2d4c

    SHA512

    67c685394c71989a9eeee21987a0a9ed59cc58d59e031f36db35842935a08c9c417d60161de4654d7697aefa58444f7dc26356ee57dbd809502e6a425bef9227

    Download Submit