Analysis
- max time kernel: 148s
- max time network: 147s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 14/08/2024, 17:40
Static task: static1
Behavioral task: behavioral1
Sample: f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
Resource: win7-20240705-en
General
- Target: f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
- Size: 6.2MB
- MD5: 9931a63ffde51187b1cbdd7a81fa1dfb
- SHA1: 7daa5e3724c1c9ed44689a533a7a6ef71fd07208
- SHA256: f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41
- SHA512: 0742f07d4a3ed9e12f675dee635693f1bc926e895fa71db7cd9af0e5250f7570c5830305e43b1caa65f95068af92e18b446ac58354cce2d5bcbc0ebe810b1743
- SSDEEP: 196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lJiY9pkjic:oMFgXnU7sEl79pyX
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoCs)
  Key opened: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions
  Process: f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  PID 2148, process f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  PID 2148, process f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
- Suspicious use of SendNotifyMessage (1 IoCs)
  PID 2148, process f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
Processes
Image: C:\Users\Admin\AppData\Local\Temp\f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe"
PID: 2148
- Looks for VirtualBox Guest Additions in registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 8KB
- MD5: 6a71ec0a8ba79bb83b361a803554ef05
- SHA1: 35eff8658ad64751350d40fcc3928113d475e96e
- SHA256: 414513439365bcdde4a7a122d48e88da0c5f133656e9a7a2454706dfbb40c324
- SHA512: 48b6975ce3fee081feb1a54090d4bf98a2e837d1cd8ff6aa5340020e09120e013898c9fb2412a5fa7c4c95a95b1876fb45cccdd73835759187f0cc68dd55b021