Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

a884784169...0b.exe

windows7-x64

9

a884784169...0b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8847841699d6a52ac3f93de6cececb92468a8f71b7c7752247c00c04e6c310b.exe

  • Size

    5.7MB

  • MD5

    f94a9131f449eb918f4dbeca0ddf1c3c

  • SHA1

    62ce620a4c460bd8c426bd722e48e1097687cb62

  • SHA256

    a8847841699d6a52ac3f93de6cececb92468a8f71b7c7752247c00c04e6c310b

  • SHA512

    f4e9a1f572e0a44bfc87c0d5b829c0d9584843f410729e1844443ec0bd1ecf5f59612146648deb5f89b296a04b98612408e5534181b8b0f4253dc677ffb73109

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmXkVE:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85n

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8847841699d6a52ac3f93de6cececb92468a8f71b7c7752247c00c04e6c310b.exe
    "C:\Users\Admin\AppData\Local\Temp\a8847841699d6a52ac3f93de6cececb92468a8f71b7c7752247c00c04e6c310b.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    642B

    MD5

    9bb73a0d45036621f5d4b2d1f633faf8

    SHA1

    023f4ca45793551287e6b8068326b98e87c73516

    SHA256

    50b8cc49792986caa6f5380ef340c56c815462d4490defa31f4463f59eb44a02

    SHA512

    760b4601fa9d006a00ccd54b3a5df16b11e892b0ff18b06f762fe81de08335454b7d5857f035e651ebbb6d3ed37f4c126c11f9a28309068e4575ca62aa3b731a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    6KB

    MD5

    b812ef301515d9c424fc865dc1a09cc9

    SHA1

    0388b2c27b752fab465e60f80b334eb5ad727ed3

    SHA256

    c7e61ac5961ff944a34488da6e333d10f3d3fbbace8098f674fb748b028e2757

    SHA512

    4e3e1dc0a92e5c0301b1c3e6889a8398676a7b4ceb95c1815e1219ee1abaaa6755cfd969f12788815fd4be665f0ae3db58790718f4fd15684db4b889ad089a6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    248B

    MD5

    0a6524146fba0f0ae5234a8a0311f9b8

    SHA1

    c4b349b0e15853dfc45de1015d3ad03effdd47d1

    SHA256

    7ad6850fde5ef564cf07a9e1f064d79f8cee9acddede7fb54cc51969cfe5fcf6

    SHA512

    3f69702f6ef399b2049d7206f4dd6c6546afa90b801c195770ef6b937d2008ff2742ba6a15d7324428366b929bb3dee3ed7b6b0f905b9af636ad24b47944182e

    Download Submit