Resubmissions

01/09/2024, 07:00

240901-hs2fgsvall 5

28/08/2024, 19:09

240828-xt1yns1era 10

28/08/2024, 19:05

240828-xrz9csshnl 10

Analysis

  • max time kernel
    4s
  • max time network
    7s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    01/09/2024, 07:00

General

  • Target

    razspy.exe

  • Size

    17KB

  • MD5

    c9122b326a11741382964a64acbbb43e

  • SHA1

    216bac6bee35ce03407349a23eb6a618bf95082d

  • SHA256

    af3b9d5de82a924b2177d69965dff7cb98f5adca28dd4a50e844d96dadd528d1

  • SHA512

    1fcc4fd64ca6eaeeee0be91d4bc067bed2f5e6716d05a2a74b90e702b1110d8cb81d32995ffededc0a67fc3ed725df3cad8424ddc17a33c7a040902687ab6102

  • SSDEEP

    192:3YQ9IeQOGWJvSdDk9iMeqh6c+e0zigZIkGoskKjgEDkZ5qcL/e3Q5tfuNKA:3YQmeQLWJvlI/DvzAZDg7m39

Score
5/10

Malware Config

Signatures

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\razspy.exe
    "C:\Users\Admin\AppData\Local\Temp\razspy.exe"
    • Sets desktop wallpaper using registry
    PID:3672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\vss.exe

    Filesize

    2KB

    MD5

    a1be098b04e5dd3d869f0230132195d7

    SHA1

    66296f988e78c3670f3a56eefedd5cd2609019dc

    SHA256

    7a3186516817da2604d26d1c6bfdbda57a8309040b64e1d20ca795f21f67a871

    SHA512

    02cb8a64626a042c5ffaf32c6a7cab40c8e08bd3f63832d55857a7a7c562fc7341e1bab11086a9a870ea52a34949d8332cbde03eb03c2c31545c0d50f1360b72