Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

[email protected]

windows10-2004-x64

7

Analysis

  • max time kernel
    70s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    6.8MB

  • MD5

    30ecc2641e6713f25c6066583e812f7c

  • SHA1

    a30acd171ae28b892cb0e4786ab3b91032bb4f38

  • SHA256

    cb68f377a41ebf3406d79dde3436c482dcea0f413be3738e365c8427cd663a28

  • SHA512

    853ccbb76f4b778cd9b6579b75131d36c75a7381e7ecbd85f20f40c2eff3e7a0f3fddbd08a59a975bca80a5831dc2900cafc0fe87525b837dc776593839e13cd

  • SSDEEP

    196608:YvwUsOYV7ao8tWwDH5fAydcw/fx1kliWj:Yvw1OtB75fAG880

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\[email protected]
    1⤵
    • Modifies registry class
    PID:2124
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5076
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4364
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3608
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\" -ad -an -ai#7zMap939:100:7zEvent23686
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3612
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1912
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\muI@uncher\" -ad -an -ai#7zMap22970:122:7zEvent4853
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4700
    • C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\muI@uncher\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\muI@uncher\[email protected]"
      1⤵
      • Executes dropped EXE
      PID:2468
    • C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\muI@uncher\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\muI@uncher\[email protected]"
      1⤵
      • Executes dropped EXE
      PID:3124

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\uz1@ucnher\[email protected]
      Filesize

      6.8MB

      MD5

      c449b61445724c28eb0a8a6ac9cc2f11

      SHA1

      a065e301fef3ecb3d433552bb9b5578538211b6c

      SHA256

      5c19719a0101063b40d14d9d428671b3394d15670e81901eafac7f1f672d557c

      SHA512

      3799df050c5d462bc5feeb26e58e898042478c70bc7043be9567b15b70769dbc347ee2c7f14c2bb3c3a1a106a2f6288088b90d675e815829e45a8eefe5bf3004

      Download Submit

    • memory/2468-30-0x00007FF772900000-0x00007FF773ED1000-memory.dmp

      Filesize

      21.8MB

      Download