Analysis
- max time kernel: 64s
- max time network: 65s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/08/2024, 20:59
Behavioral task behavioral1
- Sample: Myro V5.6.exe
- Resource: win10v2004-20240802-en
Behavioral task behavioral2
- Sample: Myro V5.6.exe
- Resource: win11-20240802-en
Behavioral task behavioral3
- Sample: Multi-Tool.pyc
- Resource: win10v2004-20240802-en
Behavioral task behavioral4
- Sample: Multi-Tool.pyc
- Resource: win11-20240802-en
General
- Target: Multi-Tool.pyc
- Size: 6KB
- MD5: f3a8a3595558b0197ab48aef1cbec32f
- SHA1: 0aa8df3db9a363b42edcecd38ac2f880d1ccfe85
- SHA256: 0be903df744e803a46b87da8069d3f7b889e65071ca53ae4041efdb187531314
- SHA512: 7af19fcc02831b1463917e4cc9e52e7c6e0dbcddb8160820297d93b8129d4b40219f8c9deb30bf56342770941631178561272e26b8ef67ff1f708c0257284cd1
- SSDEEP: 192:8zeQ+QivY4HH0X/dLzVWMBRrJ5XkNMe3333332jsa7O24pEy7rSZ:NQ+Qiw4HH0vFzVWSrHW3333332h7O24K
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings; Process: cmd.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings; Process: OpenWith.exe
- Suspicious use of SetWindowsHookEx (13 IoCs)
  pid: 4824; Process: OpenWith.exe (13 identical entries)