Resubmissions

Submitted            Analysis ID          Score
12/08/2024, 08:07    240812-j1a4yawhlc    3
12/08/2024, 07:54    240812-jry5easanr    3
12/08/2024, 00:38    240812-azdzrs1eqh    4

Analysis
Max time kernel: 150s
Max time network: 151s
Platform: windows11-21h2_x64
Resource: win11-20240802-en
Resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 12/08/2024, 07:54
Static task: static1
Behavioral task: behavioral1
Sample: BETA RELEASE.rbxl
Resource: win11-20240802-en
3 signatures, 150 seconds
General

Target: BETA RELEASE.rbxl
Size: 10.6MB
MD5: 84410f118086e1b78a2cab476b0cb1e9
SHA1: 5734087068443e22446f88dec2f34e2183d2b7c2
SHA256: 4cc08389a45641ead70dd6dec8735dccd6ea139439f7d2a56778b1675ae04fa2
SHA512: 4f615ad2ab818f3b92c42df59ca659398067b5f5517a10e788739b894e11474766687c553d8248cddb5de17e1eb5ad5d64cb8d867e05b4e73a14659abe9c62f6
SSDEEP: 196608:rkvo1Ne2LxB1/Mgx1E6DVqzq5sx0p4brsOt7P8EWt7/cgG:rkQbe2z1/JU6Dmq5y0p4bgOt7P8EW9Uz
Score: 3/10
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
Description    IoC                                                                                    Process
Key created    \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings    cmd.exe
Key created    \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings    OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
PID     Process
2628    OpenWith.exe
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\BETA RELEASE.rbxl"
  PID: 3372
  - Modifies registry class

C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 2628
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID: 3828

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
  PID: 4160
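The process tree above consists of the sandbox launcher (cmd /c "<sample>") followed only by OpenWith.exe -Embedding, the shell's "How do you want to open this file?" dialog that appears when no application is registered for the file's extension, plus two service hosts; every signature in the report is raised by a Windows component, not by the sample. The Python below is an added example, not tria.ge code, that encodes that reading as a check over a process tree (rows constructed here from the report); the rule that images under the Windows system32 directory are OS components rather than the sample is a heuristic assumption, and the PROCESSES, SAMPLE and triage names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    """One row of a sandbox process tree."""
    image: str
    cmdline: str
    pid: int
    signatures: list = field(default_factory=list)


# Constructed from the process tree in this report (images, command lines and PIDs copied from it).
PROCESSES = [
    Proc(r"C:\Windows\system32\cmd.exe",
         r'cmd /c "C:\Users\Admin\AppData\Local\Temp\BETA RELEASE.rbxl"',
         3372, ["Modifies registry class"]),
    Proc(r"C:\Windows\system32\OpenWith.exe",
         r"C:\Windows\system32\OpenWith.exe -Embedding",
         2628, ["Modifies registry class", "Suspicious use of SetWindowsHookEx"]),
    Proc(r"C:\Windows\system32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc", 3828),
    Proc(r"C:\Windows\system32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService", 4160),
]
SAMPLE = "BETA RELEASE.rbxl"

# The sandbox launcher pattern: cmd /c "<full path to sample>"
_CMD_C = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"([^"]+)"\s*$', re.IGNORECASE)


def launch_target(cmdline: str) -> Optional[str]:
    """Path the shell was asked to open through cmd /c, or None if this is not a launcher line."""
    m = _CMD_C.match(cmdline.strip())
    return m.group(1) if m else None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_windows_builtin(image: str) -> bool:
    """Heuristic (assumption): images under the Windows system32 directory are OS components."""
    return image.lower().startswith("c:\\windows\\system32\\")


def triage(procs, sample):
    launchers = [p for p in procs
                 if (t := launch_target(p.cmdline)) and basename(t).lower() == sample.lower()]
    open_with = [p for p in procs
                 if basename(p.image).lower() == "openwith.exe"
                 and "-embedding" in p.cmdline.lower()]
    non_builtin = [p for p in procs if not is_windows_builtin(p.image)]
    # Which image raised each signature: lets the reader see that nothing came from the sample.
    sig_sources = {}
    for p in procs:
        for s in p.signatures:
            sig_sources.setdefault(s, set()).add(basename(p.image))
    return {
        "launched_via_cmd": bool(launchers),
        "open_with_dialog": bool(open_with),
        "non_builtin_processes": [p.image for p in non_builtin],
        # No handler for the extension: cmd handed the file to the shell, the shell raised
        # the "How do you want to open this file?" dialog, and no other process started.
        "handler_missing": bool(launchers) and bool(open_with) and not non_builtin,
        "signatures": {s: sorted(v, key=str.lower) for s, v in sig_sources.items()},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROCESSES, SAMPLE), indent=2))
```

When handler_missing comes back true, the behavioral score reflects only the launcher and the dialog; to observe the sample itself the analysis has to be rerun on an image with the expected application installed, or the file has to be examined statically.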