Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Void serve...st.exe

windows7-x64

1

Void serve...st.exe

windows10-2004-x64

1

Resubmissions

08/08/2024, 14:08

240808-rfx2zayake 4

08/08/2024, 14:06

240808-reqw9svaqj 3

08/08/2024, 14:03

240808-rc4eksxhpc 4

Analysis

  • max time kernel
    72s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    08/08/2024, 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Void server boost/void server boost.exe

  • Size

    1.0MB

  • MD5

    ce1c66fbc99abd29ad81c5d064e0f966

  • SHA1

    72394086d1916da3697e8513672e09f59a1ff907

  • SHA256

    a18628e8080b21bf266abf4f571063abba2207ac2d999993541a0f49176b4801

  • SHA512

    fca61fcb62742b33b46f7d6e73bcb6f0d841f7b96845e0578a36541945e7ada2eeefc812d698093935aa0809518178f764e0d04bcf889031abea4fd1f0f9621a

  • SSDEEP

    24576:njih34xvK2EW2rLZHSIa6agTRpnnJMOr2I7cimoi1Cu:nO34xyD9L9LagThXr2+Vm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Void server boost\void server boost.exe
    "C:\Users\Admin\AppData\Local\Temp\Void server boost\void server boost.exe"
    1⤵
      PID:2608
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1276
    • C:\Users\Admin\AppData\Local\Temp\Void server boost\void server boost.exe
      "C:\Users\Admin\AppData\Local\Temp\Void server boost\void server boost.exe"
      1⤵
        PID:2884

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1276-1-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/1276-2-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/1276-3-0x00000000020D0000-0x00000000020E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1276-6-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2608-0-0x0000000062800000-0x0000000062813000-memory.dmp

        Filesize

        76KB

        Download