Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

final-wind...2).exe

windows11-21h2-x64

7

Resubmissions

25/06/2024, 15:54

240625-tb657asbkp 7

25/06/2024, 15:53

240625-tb268ssbjr 1

25/06/2024, 15:40

240625-s4nnwa1fpj 7

02/04/2024, 14:29

240402-rtkc2adb64 7

Analysis

  • max time kernel
    70s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-fr
  • resource tags

    arch:x64arch:x86image:win11-20240508-frlocale:fr-fros:windows11-21h2-x64systemwindows
  • submitted
    25/06/2024, 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    final-windows-sign (2).exe

  • Size

    25.2MB

  • MD5

    4a9cfff3e3291632882c4c74696f984e

  • SHA1

    c35bcd9c752b4a9d03f31162f4499aa9d00c5d55

  • SHA256

    ddc63974ae0d40f205c9260cb191e54fec3804659427a7f8184543495e66946c

  • SHA512

    a0bfbc53a88a37d06cf8d632e6e4af1c0b4d720c9b4b2eb0f91bc96ed4ad00bb837f73ba60082342be514d1486adba2ddb92cda2c11d2d1e001ad4c773dc58c3

  • SSDEEP

    393216:gRkAHpSlMdyiQhJE4wS/JVywizWb+sCLvSkI7Wb3k7+FAWdwzf5NpckWWh:gDHpciCJhxPiz2+xKktbJFzdqFck

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\final-windows-sign (2).exe
    "C:\Users\Admin\AppData\Local\Temp\final-windows-sign (2).exe"
    1⤵
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:4900
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4152-1-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-3-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-2-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-7-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-10-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-12-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-13-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-11-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-9-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4152-8-0x0000023B63DF0000-0x0000023B63DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4900-0-0x00007FF757AD0000-0x00007FF75940D000-memory.dmp

    Filesize

    25.2MB

    Download

  • memory/4900-16-0x00007FF757AD0000-0x00007FF75940D000-memory.dmp

    Filesize

    25.2MB

    Download