Resubmissions
14/08/2024, 16:40  240814-t6p56ascqa  3 Analysis

max time kernel: 16s
max time network: 20s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 14/08/2024, 16:40
Static task: static1
Behavioral task: behavioral1
  Sample: ElectricLauncher.7z
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: ElectricLauncher.7z
  Resource: win10v2004-20240802-en
General
Target: ElectricLauncher.7z
Size: 51.5MB
MD5: cdb5e0ea8a50e1ed5e80f2fc70883550
SHA1: b5075928e63a609ca7b61748a989de77fc092439
SHA256: 01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1
SHA512: 73fc72b19754f72ca6122c132851e2a7f95573d7f11a78ac01020a1fdd84e9fe54425de044814f517618224e6c9045ea1316b67f55976f19ae276fbc76e4e8b8
SSDEEP: 786432:D1hq7lbHq0joZGThd/SLAqWBHK4A5ffZfewdfONYYGfXF6uIfrNaEU8ruVGwQeB+:DW9Hq0jy8hp9qW41ZWq3XF6S8rKB+
Malware Config

Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings | rundll32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2276 | rundll32.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | Process
  2276 | rundll32.exe  (this same row is repeated 64 times in the report)
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 484 wrote to memory of 2756 | 484 | cmd.exe | 32  (repeated 3 times)
  PID 2756 wrote to memory of 2276 | 2756 | rundll32.exe | 33  (repeated 3 times)
Processes
1. C:\Windows\system32\cmd.exe
   cmd /c C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z
   PID: 484
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z
      PID: 2756
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\rundll32.exe
         "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z
         PID: 2276
         - Modifies registry class
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of FindShellTrayWindow