Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
73s -
max time network
67s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/06/2024, 17:26
General
-
Target
invite.ics
-
Size
4KB
-
MD5
32356dce9e90f58a3881974a986970a3
-
SHA1
ef86683a0370f87564f038df2d45930a51f5d61b
-
SHA256
b62d9e17e078332a26f0a3d400cd46beaf57c1221d36e3522bb3c6474af73213
-
SHA512
829d197d4bae5878dd94f0e666dc63ba7ab6904fa4c778b7aa109868d0a9fcd5e5b1712344f8ce45f81c85bb9522fd57e17ef83ae3e6ceb4ca5ec0643aee5bd9
-
SSDEEP
96:EgfoTQ8oxg7xcZFvRf62HiXFTfVefNiVNATdULqR3Q6gWiRXSdJy:dozaHvRfQFTfVefNi0kqFQN9CLy
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 29 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\invite.ics1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\invite.ics2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4156,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:81⤵