Analysis
- max time kernel: 133s
- max time network: 197s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 27/06/2024, 06:49
Static task: static1
Behavioral task: behavioral1
- Sample: WinRAR.exe
- Resource: win10-20240404-en
- 3 signatures
- 150 seconds
General
- Target: WinRAR.exe
- Size: 2.2MB
- MD5: d0d62dd194d9438cd8a5e22db189a9ba
- SHA1: 4a281b12e15bed0a62cfeffc4ed456aaf84a610f
- SHA256: a019b289af227f6947b964886c0c765640976e965a74f1b7a5b3127cfd6e6547
- SHA512: 780c7fbdbc1022ec0bd07b8edcdfe3f6791f3d168e3262ee15c4318a6ea78e7ff5af85d5f9ec890a3b7a5ff5b2ace41fe4d239b870cf8f1ad186e10c278f5274
- SSDEEP: 49152:F2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nuzNDNui0hBdH36Q:ArCBrtcy/lfkD0nutNuTBpqQ
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description   ioc                                                                                                              Process
  Key created   \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance                         WinRAR.exe
  Key created   \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance   WinRAR.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid    Process
  4540   WinRAR.exe
  4540   WinRAR.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\WinRAR.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\WinRAR.exe"
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 4540
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2680