Resubmissions

26/06/2024, 00:05

240626-adg5asvckn 7

26/06/2024, 00:03

240626-ab6d4svblr 9

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240611-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    26/06/2024, 00:05

General

  • Target

    updated_executor.rar

  • Size

    3.5MB

  • MD5

    d73111b521e8f8b7cc6596eeff5b1749

  • SHA1

    9cbf4b5ac548c7cd0c5adfd0bb5448dbe03aa590

  • SHA256

    ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c

  • SHA512

    c7459453f7c9732135a05a4abdf00a1c12036eae503c9fc90327ad3a77730bd6b6fa349066de7d8f97c295e1429548100b484bd25d27fbc54ba4aafc12c7a9d4

  • SSDEEP

    49152:L5nYy10A2bOJaxwQ28QbgdP/h5NySL3GNq2WLIb/TmJV8lwcOMcmf3HYgMkC2ZDc:hYy1l2VGQ23E33Ny2qjbjedM9PMKZvXw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\updated_executor.rar
    1⤵
    • Modifies registry class
    PID:2060
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3728
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3756

Network

MITRE ATT&CK Enterprise v15