Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
63s -
max time network
65s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
26/06/2024, 00:05
Behavioral task
behavioral1
Sample
updated_executor.rar
Resource
win10v2004-20240611-en
3 signatures
600 seconds
Behavioral task
behavioral2
Sample
updated_executor.rar
Resource
win11-20240508-en
11 signatures
600 seconds
General
-
Target
updated_executor.rar
-
Size
3.5MB
-
MD5
d73111b521e8f8b7cc6596eeff5b1749
-
SHA1
9cbf4b5ac548c7cd0c5adfd0bb5448dbe03aa590
-
SHA256
ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c
-
SHA512
c7459453f7c9732135a05a4abdf00a1c12036eae503c9fc90327ad3a77730bd6b6fa349066de7d8f97c295e1429548100b484bd25d27fbc54ba4aafc12c7a9d4
-
SSDEEP
49152:L5nYy10A2bOJaxwQ28QbgdP/h5NySL3GNq2WLIb/TmJV8lwcOMcmf3HYgMkC2ZDc:hYy1l2VGQ23E33Ny2qjbjedM9PMKZvXw
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3728 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\updated_executor.rar1⤵
- Modifies registry class
PID:2060
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3728
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3756