Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

print.exe

windows10-2004-x64

1

printfilte...vc.exe

windows10-2004-x64

1

printui.exe

windows10-2004-x64

1

proquota.exe

windows10-2004-x64

1

provlaunch.exe

windows10-2004-x64

1

provtool.exe

windows10-2004-x64

1

prproc.exe

windows10-2004-x64

1

psr.exe

windows10-2004-x64

1

pwlauncher.exe

windows10-2004-x64

1

rasautou.exe

windows10-2004-x64

1

rasdial.exe

windows10-2004-x64

1

raserver.exe

windows10-2004-x64

1

rasphone.exe

windows10-2004-x64

1

rdpclip.exe

windows10-2004-x64

1

rdpinput.exe

windows10-2004-x64

1

rdrleakdiag.exe

windows10-2004-x64

1

readCloudD...gs.exe

windows10-2004-x64

1

recdisc.exe

windows10-2004-x64

1

recover.exe

windows10-2004-x64

1

refsutil.exe

windows10-2004-x64

1

reg.exe

windows10-2004-x64

1

regedt32.exe

windows10-2004-x64

7

regini.exe

windows10-2004-x64

1

regsvr32.exe

windows10-2004-x64

1

rekeywiz.exe

windows10-2004-x64

1

relog.exe

windows10-2004-x64

1

repair-bde.exe

windows10-2004-x64

1

replace.exe

windows10-2004-x64

1

resmon.exe

windows10-2004-x64

7

rmttpmvscmgrsvr.exe

windows10-2004-x64

1

rrinstaller.exe

windows10-2004-x64

1

rstrui.exe

windows10-2004-x64

1

Resubmissions

09/07/2024, 13:39

240709-qydwdayanf 7

09/07/2024, 07:52

240709-jqdr3swdle 6

09/07/2024, 06:42

240709-hgkzcs1bjl 5

09/07/2024, 06:34

240709-hb2d6azhjn 3

09/07/2024, 05:47

240709-ggxgqa1crh 4

Analysis

  • max time kernel
    87s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pwlauncher.exe

  • Size

    52KB

  • MD5

    d0743203ba4eb04ddffdae63c8d6ded7

  • SHA1

    117d5503b2bccf3c00623f5a6fd73213b871ad0e

  • SHA256

    4e8dbb3e89dfd69856c0cce34a6f5960aab1e8d0b42c9dc991accb249e8ec044

  • SHA512

    2bcf60617c5538b466b7263d8a175b9d5747c10126d1c62794b1330a4664885a28a0a1746da5ef26d0727b32bbb8b7b9d2515683e1efad036a1659b4eddb86d6

  • SSDEEP

    768:JRLAuL35vJLgZmdagPZxMGE/GIfUMF0T8QSoe4KG0srxOC2fc+:JRjL35xUcTxgnPF0T8G0srY5fc+

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pwlauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\pwlauncher.exe"
    1⤵
      PID:1636
    • C:\Windows\System32\GameBarPresenceWriter.exe
      "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
      1⤵
        PID:3508
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4152
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
        1⤵
        • Checks processor information in registry
        • Modifies registry class
        PID:344

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads