Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2024, 21:14
Tasks
static1 (static task)
behavioral1: sdsetup.exe on win7-20240704-en
behavioral2: sdsetup.exe on win10v2004-20240709-en
behavioral3: 新云软件.url (Chinese filename, "Xinyun Software.url") on win7-20240704-en
behavioral4: 新云软件.url (Chinese filename, "Xinyun Software.url") on win10v2004-20240709-en
General
Target: sdsetup.exe
Size: 500KB
MD5: 1526581b563522975fdfa678add1b749
SHA1: a8dbdc433279d7ed615e24af364a6e1ce08b3158
SHA256: c46653133e431997f754b585d11d18be73fc0774b877a511ac576c2659742bda
SHA512: 2170bf620fc4a3ca206168316b31d2ddeef119eecf5bcdbb027e11ad04d8033e9dbdc9b4a89f575fe7b92ed47b09862bb024748ea41474f22cf930041b447db8
SSDEEP: 6144:edsn3VUsa5sSoGBpG8CgSFnQ3Begfftpi4YFhPTZ8DAxkmJIRGowR9:7lUs4no87SF16fKthPTZNxA+9
Malware Config
Signatures

Adds Run key to start application (2 TTPs, 1 IoC)
Process: sdsetup.exe
Set value (str): \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\Spyware Doctor = "C:\\Users\\Admin\\Desktop\\sdsetup.exe -min"
Note: the value lands under the HKU hive of the logged-on sandbox user (RID 1000, the first non-built-in account), which is that user's HKCU. The program therefore relaunches itself with the -min switch from its original Desktop location at every logon of that user; writing there needs no elevation, and the entry disappears if the file on the Desktop is deleted.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 1712, sdsetup.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
PID 1712, sdsetup.exe (the same process is listed for all 64 occurrences)

Suspicious use of SendNotifyMessage (64 IoCs)
PID 1712, sdsetup.exe (the same process is listed for all 64 occurrences)

The three window-related signatures (foreground-window polling, locating the shell tray window, SendNotifyMessage) are routinely triggered by ordinary GUI installers and tray-icon applications and are weak indicators on their own; the Run-key write is the behaviour in this report that warrants a closer look.
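The Run-key IoC above is the kind of line an analyst wants to triage mechanically: split the hive path, value name and command line apart, work out which executable actually gets launched, and flag entries whose executable sits in a user-writable location. The following Python is an added example and not tria.ge code; it parses IoC lines in the form the report prints them. SAMPLE_IOCS is constructed: its first line is the report's own IoC, its second is a made-up benign HKLM entry (an unquoted path containing a space) for contrast. The regex, the USER_WRITABLE list and the ".exe" heuristic for unquoted paths are this example's assumptions, not anything the report states.

```python
"""Triage helper for 'Adds Run key to start application' hits (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Run/RunOnce under HKU\<SID> is the same thing as HKCU for the user with
# that SID, so a hit there is per-user persistence that needs no elevation.
RUN_KEY_RE = re.compile(
    r"\\REGISTRY\\(?:USER\\(?P<sid>S-1-5-21-[\d-]+)|MACHINE)"
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>RunOnce|Run)\\(?P<name>[^=]+?)\s*=\s*\"(?P<data>.*)\"\s*$",
    re.IGNORECASE,
)

# Path fragments a standard user can write to (assumed list). An autostart
# pointing into Desktop, Downloads, AppData, Temp or ProgramData deserves a
# look; one under Program Files usually does not.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

SAMPLE_IOCS = [
    # Taken from the report: user hive, RID 1000, sample relaunched from the Desktop.
    r'\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\Spyware Doctor = "C:\\Users\\Admin\\Desktop\\sdsetup.exe -min"',
    # Constructed benign entry: machine hive, unquoted path with a space.
    r'\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater = "C:\\Program Files\\Vendor\\updater.exe /background"',
]


@dataclass
class RunEntry:
    hive: str          # "HKU\<SID>" or "HKLM"
    key: str           # Run or RunOnce
    name: str          # value name, e.g. "Spyware Doctor"
    exe: str           # executable launched at logon
    args: List[str]    # its command-line arguments
    suspicious: bool   # executable sits in a user-writable location


def split_command(data: str) -> Tuple[str, List[str]]:
    """Split value data into (executable, args).

    The report escapes backslashes in the data, so undo that first. A quoted
    executable ends at the closing quote; an unquoted one is taken to end at
    the first '.exe' followed by whitespace or end of string, which copes with
    unquoted 'C:\\Program Files\\...' paths.
    """
    data = data.replace("\\\\", "\\").strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        exe, rest = data[1:end], data[end + 1:]
    else:
        m = re.search(r"\.exe(?=\s|$)", data, re.IGNORECASE)
        if m:
            exe, rest = data[:m.end()], data[m.end():]
        else:
            exe, _, rest = data.partition(" ")
    return exe, rest.split()


def parse_run_ioc(line: str) -> Optional[RunEntry]:
    """Parse one 'Set value (str)' IoC line; None if it is not a Run/RunOnce key."""
    m = RUN_KEY_RE.match(line.strip())
    if not m:
        return None
    hive = "HKU\\" + m["sid"] if m["sid"] else "HKLM"
    exe, args = split_command(m["data"])
    suspicious = any(frag in exe.lower() for frag in USER_WRITABLE)
    return RunEntry(hive, m["key"], m["name"].strip(), exe, args, suspicious)


def triage(lines) -> List[RunEntry]:
    """Return the parsed Run-key entries, suspicious ones first."""
    entries = [e for e in (parse_run_ioc(ln) for ln in lines) if e]
    return sorted(entries, key=lambda e: not e.suspicious)


if __name__ == "__main__":
    for e in triage(SAMPLE_IOCS):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"[{flag}] {e.hive}\\...\\{e.key}\\{e.name}: {e.exe} {' '.join(e.args)}")
```

The location test is deliberately narrow: it only says where the autostart points, not whether the binary is malicious, so an entry under Program Files still needs its hash checked against the General section above, and an entry on the Desktop with a reputable vendor name (as here) still needs the file itself examined.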