Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1ABT_1.2.2.zip
windows7-x64
1ABT_1.2.2.zip
windows10-2004-x64
1ABT_1.2.2/...2.2.gz
windows7-x64
3ABT_1.2.2/...2.2.gz
windows10-2004-x64
3archtemp.tar
windows7-x64
3archtemp.tar
windows10-2004-x64
3007ea44a73.../asset
windows7-x64
1007ea44a73.../asset
windows10-2004-x64
1007ea44a73...t.meta
windows7-x64
3007ea44a73...t.meta
windows10-2004-x64
3007ea44a73...thname
windows7-x64
1007ea44a73...thname
windows10-2004-x64
101414ed7a7.../asset
windows7-x64
101414ed7a7.../asset
windows10-2004-x64
101414ed7a7...t.meta
windows7-x64
301414ed7a7...t.meta
windows10-2004-x64
301414ed7a7...thname
windows7-x64
101414ed7a7...thname
windows10-2004-x64
101e64ddd5f.../asset
windows7-x64
101e64ddd5f.../asset
windows10-2004-x64
101e64ddd5f...t.meta
windows7-x64
301e64ddd5f...t.meta
windows10-2004-x64
301e64ddd5f...thname
windows7-x64
101e64ddd5f...thname
windows10-2004-x64
10234b70804.../asset
windows7-x64
10234b70804.../asset
windows10-2004-x64
10234b70804...t.meta
windows7-x64
30234b70804...t.meta
windows10-2004-x64
30234b70804...thname
windows7-x64
10234b70804...thname
windows10-2004-x64
1023fe15b79...t.meta
windows7-x64
3023fe15b79...t.meta
windows10-2004-x64
3Analysis
-
max time kernel
139s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
25/08/2024, 07:48
Static task
static1
Behavioral task
behavioral1
Sample
ABT_1.2.2.zip
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
ABT_1.2.2.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ABT_1.2.2/ABT_English/ABT_L_1.2.2.gz
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
ABT_1.2.2/ABT_English/ABT_L_1.2.2.gz
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
archtemp.tar
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
archtemp.tar
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
007ea44a734cbac4395cc77a143a514b/asset
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
007ea44a734cbac4395cc77a143a514b/asset
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
007ea44a734cbac4395cc77a143a514b/asset.meta
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
007ea44a734cbac4395cc77a143a514b/asset.meta
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
007ea44a734cbac4395cc77a143a514b/pathname
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral12
Sample
007ea44a734cbac4395cc77a143a514b/pathname
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
01414ed7a720dfb46a5642ba1c75f833/asset
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
01414ed7a720dfb46a5642ba1c75f833/asset
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
01414ed7a720dfb46a5642ba1c75f833/asset.meta
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
01414ed7a720dfb46a5642ba1c75f833/asset.meta
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
01414ed7a720dfb46a5642ba1c75f833/pathname
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
01414ed7a720dfb46a5642ba1c75f833/pathname
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
01e64ddd5fd040141a53280dfdc7bffa/asset
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
01e64ddd5fd040141a53280dfdc7bffa/asset
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
01e64ddd5fd040141a53280dfdc7bffa/asset.meta
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
01e64ddd5fd040141a53280dfdc7bffa/asset.meta
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
01e64ddd5fd040141a53280dfdc7bffa/pathname
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
01e64ddd5fd040141a53280dfdc7bffa/pathname
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
0234b70804370c34782ccb3dc0ffc011/asset
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
0234b70804370c34782ccb3dc0ffc011/asset
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
0234b70804370c34782ccb3dc0ffc011/asset.meta
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
0234b70804370c34782ccb3dc0ffc011/asset.meta
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
0234b70804370c34782ccb3dc0ffc011/pathname
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral30
Sample
0234b70804370c34782ccb3dc0ffc011/pathname
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
023fe15b796c9394f89157f9a4021ba7/asset.meta
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral32
Sample
023fe15b796c9394f89157f9a4021ba7/asset.meta
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
01e64ddd5fd040141a53280dfdc7bffa/asset.meta
-
Size
188B
-
MD5
e29f9fdb35cd9c9d0fea2f8f7fd3e5d9
-
SHA1
aedd8bde4eace9f299442dc29c2c041341a24066
-
SHA256
26c1cf5b148fa56cf356a46315b1fb0fa9f4160b03af2c456d0834d1fd117cae
-
SHA512
9b26da4e30b91da41a010fd4f904ef3038b885fa3fad096daa1a278bcc03a4b53b217c3102c5409f3ba0c19e5ce089876d8a5b93208c84e3afca1babbb73e64e
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 18 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\edit OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\open OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.meta OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\open\command OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.meta\ = "meta_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\潤瑭敲e⣠녖忹耀훀ᛉɰ OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\훀ᛉɰ\ = "meta_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\meta_auto_file\shell\edit\command OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings cmd.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\潤瑭敲e⣠녖忹耀훀ᛉɰ\ = "meta_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\훀ᛉɰ OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\ɰ OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\ɰ\ = "meta_auto_file" OpenWith.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 720 NOTEPAD.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4392 OpenWith.exe -
Suspicious use of SetWindowsHookEx 33 IoCs
pid Process 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe 4392 OpenWith.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4392 wrote to memory of 720 4392 OpenWith.exe 105 PID 4392 wrote to memory of 720 4392 OpenWith.exe 105
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\01e64ddd5fd040141a53280dfdc7bffa\asset.meta1⤵
- Modifies registry class
PID:3984
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4392 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\01e64ddd5fd040141a53280dfdc7bffa\asset.meta2⤵
- Opens file in notepad (likely ransom note)
PID:720
-