Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
27/07/2024, 14:09
Static task
static1
Behavioral task
behavioral1
Sample
Executor.rar
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Executor.rar
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
README.txt
Resource
win10-20240611-en
Behavioral task
behavioral4
Sample
README.txt
Resource
win10v2004-20240709-en
General
-
Target
Executor.rar
-
Size
8.5MB
-
MD5
b89e0e0d30b9110c054a835a0769f7ff
-
SHA1
3a3b38bf7e2b018ac2b31001ae81b33d37acf946
-
SHA256
0b8cf93755560b9e92be4b0c791a8fff15db9e38f9e6952ae9b58ea84ccab3dd
-
SHA512
ac3b00bf76758f03a83cff1380d08def9638e9df3e803be48be0d78adee8909ecbbf4d02565b8aa3bab7927a3d3f04a417c38c222e77cacbd5f4f5a1356377b1
-
SSDEEP
196608:DgD702OCl4dgTuIV+1JSWsssk4l0SK9Z/p0ZVDjJdgYscVE:UMtVI4/5YVq/qZdtd8Z
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4984 OpenWith.exe