Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
276s -
max time network
274s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
24/07/2024, 08:24
General
-
Target
TamenuV5.2.rar
-
Size
79.1MB
-
MD5
f28fe1f5fb69993c498d5a40ff3f8bda
-
SHA1
a8b5ce1b150422f9fac10c7eabecbe396052133e
-
SHA256
dde75797d1dc18a3c9c9e5f316bb23e0584ae21d75a06b80afb95b6c5385b5f2
-
SHA512
9b3bad7bb084e56ad373e5250d1ac84f265a33f52c8c6f77ac4fbd6f2e5d6eaa31fdefcbea24d3061b0c3b385f54d462b095d4c40ca264f6e5efeff21efe7d09
-
SSDEEP
1572864:XaoQDHE1keXcvwXD1qN1webO2F4LgxUo5sakoP2H4pstUp/p:JCHE1D1IexcH5sm2YeGph
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 36 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\TamenuV5.2.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\TamenuV5.2.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-