Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
252s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20/08/2024, 03:11
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
EXTERNAL.rar
Resource
win10v2004-20240802-en
4 signatures
300 seconds
Behavioral task
behavioral2
Sample
EXTERNAL/KakahMenu.exe
Resource
win10v2004-20240802-en
7 signatures
300 seconds
General
-
Target
EXTERNAL.rar
-
Size
65KB
-
MD5
7d0282d98e5a3b463a401dcf8886d2ff
-
SHA1
1a75559523d8a1c1a806d6a23e254e737ab11810
-
SHA256
1f13b909eaf544aa985020c9ddafeb792a03592991f3ce6eeb5b87e1b55ce684
-
SHA512
f26b2e506a26f73e4ff157be94005866bf8f136ad9e41c3a5ba6a6d9dcc5f9a0bba30fab46b03e88fe8c9a0bdbf354f96c1056b53d51c896bd1c90e7954f3fc1
-
SSDEEP
1536:LU1P8Rv3F5REh3sXxHQnX/CyXZrf2lw4L14cxRRphRSaH:v5REh3sXxUXHXew4L14c5PRSaH
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings OpenWith.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4204 OpenWith.exe -
Suspicious use of SetWindowsHookEx 61 IoCs
pid Process 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe 4204 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\EXTERNAL.rar1⤵
- Modifies registry class
PID:2792
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4204