Analysis
- max time kernel: 122s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 21/07/2024, 19:49
Static task: static1
Behavioral task: behavioral1
- Sample: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Resource: win10v2004-20240709-en
General
- Target: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Size: 5.7MB
- MD5: 228573a3e36673d8c4784415659a425f
- SHA1: 77afd534cab9422a251f66c3399f2ca3ed68476f
- SHA256: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60
- SHA512: ef1e4f5b17bf8733bcdda5a7741c46769a63c1160f655fa0de6f10353fbf94acf4ff2d5bef5cd769b7e73b0de187ad010f40d8f5a4d5bc110f6e46e459f666df
- SSDEEP: 98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmnkV6:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85X
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoCs)
  description: Key opened
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions
  Process: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid: 2524, Process: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
  pid: 2524, Process: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 2524, Process: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
- Suspicious use of SendNotifyMessage (1 IoCs)
  pid: 2524, Process: f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
  "C:\Users\Admin\AppData\Local\Temp\f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe"
  PID: 2524
  - Looks for VirtualBox Guest Additions in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads