Analysis
max time kernel
11s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted
23/08/2024, 15:02
Static task
static1
Behavioral task
behavioral1
Sample
HG255s-10V100R001C163B037_main.bin
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
HG255s-10V100R001C163B037_main.bin
Resource
win10v2004-20240802-en
General
Target
HG255s-10V100R001C163B037_main.bin
Size
16.0MB
MD5
8ef1255aaf1c471205299453a03f424f
SHA1
e0da0c5c4776be8741f57b9f7762fe2f31511a86
SHA256
4bcbc1201e4d15d4739c645850115dd92a8cbbca98e54e550f725528b4779813
SHA512
a01d98fce57143d66f3ea5fd6cede33fd3bd175fde9a99278ad715760e60be6a75002a8412dda4e2c1dfcfe517832f84c50812804e793a46cb958057ec42b461
SSDEEP
393216:LPIBU6IzfAUZrfIRO7rmpdKgqFqiN0pU72NOnH:b8UZrgRCr0KgqFqxU72NOH
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | OpenWith.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
2452 | OpenWith.exe
Suspicious use of SetWindowsHookEx (31 IoCs)
pid | Process
2452 | OpenWith.exe (all 31 entries are this same pid and process)
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\HG255s-10V100R001C163B037_main.bin
- Modifies registry class
PID:3064
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2452
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3996,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
PID:3420