Analysis
max time kernel: 139s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2024, 16:18
Static task
static1: 1 signature
Behavioral task
behavioral1: Sample quickaccesspopup.exe, Resource win7-20240708-en, 0 signatures, 150 seconds
Behavioral task
behavioral2: Sample quickaccesspopup.exe, Resource win10v2004-20240704-en, 2 signatures, 150 seconds
General
Target: quickaccesspopup.exe
Size: 5.3MB
MD5: 34b7f00d12b3038498138e52e03cff3c
SHA1: 3909faa970757f2653d170eb4b12b9888fc0c942
SHA256: 0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e
SHA512: 24f0cfdfae905757088f26117212492057b9527c7c9793cca71d8761fbf4221dfbac806ecd143b6b31443ffbde43b1e6c11654056ac8d79bf2d74e61381673b0
SSDEEP: 49152:aa+WtZnm23Dkwlg4YzuCe4dreJfR1MLyHXMWM4/99ZDGhuWj45EB5yXmZwGT7tww:R3Y23Dk4wdmtXVDV3EHJwat
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 4896 set thread context of 1540 | 4896 | quickaccesspopup.exe | 93
Suspicious use of WriteProcessMemory (5 IoCs)
description | pid | Process | procid_target
PID 4896 wrote to memory of 1540 | 4896 | quickaccesspopup.exe | 93
PID 4896 wrote to memory of 1540 | 4896 | quickaccesspopup.exe | 93
PID 4896 wrote to memory of 1540 | 4896 | quickaccesspopup.exe | 93
PID 4896 wrote to memory of 1540 | 4896 | quickaccesspopup.exe | 93
PID 4896 wrote to memory of 1540 | 4896 | quickaccesspopup.exe | 93
Processes
C:\Users\Admin\AppData\Local\Temp\quickaccesspopup.exe "C:\Users\Admin\AppData\Local\Temp\quickaccesspopup.exe" PID:4896
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
    C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe PID:1540