Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25/06/2024, 15:14
Static task: static1
Behavioral task: behavioral1
Sample: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
Resource: win10v2004-20240508-en
General
Target: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
Size: 5.7MB
MD5: e6cc570bcb689f428eeeac579842c38e
SHA1: ea011bf36c5796336bf74d596a8dfe564fefbef7
SHA256: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098
SHA512: 31da798a647337da1adeb57ef5829343b7470b0a57ca7913ad522772f21501012a050deca3db29993c8105eadac3f843d1eccf1e012be2ca0bbcbcffe24fdd43
SSDEEP: 98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVK:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85x
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoCs)
  description: Key opened
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions
  Process: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid: 2252, Process: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
  pid: 2252, Process: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 2252, Process: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
- Suspicious use of SendNotifyMessage (1 IoCs)
  pid: 2252, Process: d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
Processes
C:\Users\Admin\AppData\Local\Temp\d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
"C:\Users\Admin\AppData\Local\Temp\d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe"
PID: 2252
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads