Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/08/2024, 17:40

General

  • Target

    f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe

  • Size

    6.2MB

  • MD5

    9931a63ffde51187b1cbdd7a81fa1dfb

  • SHA1

    7daa5e3724c1c9ed44689a533a7a6ef71fd07208

  • SHA256

    f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41

  • SHA512

    0742f07d4a3ed9e12f675dee635693f1bc926e895fa71db7cd9af0e5250f7570c5830305e43b1caa65f95068af92e18b446ac58354cce2d5bcbc0ebe810b1743

  • SSDEEP

    196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lJiY9pkjic:oMFgXnU7sEl79pyX

Score
9/10

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe
    "C:\Users\Admin\AppData\Local\Temp\f2fa3ee40e1be3913e0920cdfd4f744e47bc082fffa276caed011859c3e3ad41.exe"
    • Looks for VirtualBox Guest Additions in registry
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2332
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4356,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
    PID:1088

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

      Filesize

      652B

      MD5

      b4c2284bfc45453845a5eaa79a9f0cd3

      SHA1

      fbbca03d21c1ce7e0eb7e7e113423637ce6e12ec

      SHA256

      7b5f4e807ee408094cb6a838c939aaefd0257fc5672b5e67fb8a967feb6d55a3

      SHA512

      3572b3ea8b392c18b373b5cc7c3c04b8f419cabf22d6bbdcdae5687574b75844d836e6316a5f182b06dc4cd127c943a46b1a7373bbac0ab1cb6ba23b6e749b1e

    • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

      Filesize

      5KB

      MD5

      9191b2aa6ef706f0b8c8e6e62be12f6f

      SHA1

      ecad0baf263aa859459210dfa86579659721e859

      SHA256

      265c5f698887d12eaabed0e56b809a861a04ce49fe1578749eb2aded2da70963

      SHA512

      b4845750abd89de1d2cbf402a9569550d37c524da41c05ecb75cc2c0b42b1d4ea62c671413a1aa63afe8b09bc08c89ccbc136fd1938628d0f639fe1a60fe7da1

    • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

      Filesize

      310B

      MD5

      a9a7dbb0fa37079011687ac0c2939651

      SHA1

      ea2968b802587682cf5806d615c2bc85259f19df

      SHA256

      07adf6d9f6287ea7fc0b57080724bedd703ac842b46c17133cca68105f0b4e27

      SHA512

      67c18881d5e6a69bd44c36ef200f7145bf39719d4c9409e53143d7695ed09204926608058659fc20174b713d810321910ea09043e5ce12b8cf6e8fa1aea5ac70