Analysis
- max time kernel: 91s
- max time network: 95s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 04/09/2024, 15:23
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  Sample: triggerfor5355/data/fraudpixeltb.exe
  Resource: win11-20240802-en
  3 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: triggerfor5355/passwordfortgb.exe
  Resource: win11-20240802-en
  2 signatures, 150 seconds
General
- Target: triggerfor5355/data/fraudpixeltb.exe
- Size: 1.2MB
- MD5: 3f07e2ddc3e177dba375c2a47100f7b5
- SHA1: 5af76740dc1140e6b536351abeefaf2da903be8e
- SHA256: 88aaa8133970909a5f482fd80aab28de6cb50a1a0f24454416103736004fc6ed
- SHA512: a3eb965a845b5b08b40fd6eafb891d8cdbc1065453d132c971e0dd7277859a9221b66d28386afc1e90244ac71466df6c4430c81fecceb561d805878ad00c6d1f
- SSDEEP: 24576:7UNxvqF6FGYJf6yjNQpNONZNlTX5PlGPgquLEIWxUc7N11QaSYx7GqQ5ayA:7UNxvC6FGYJf6yjNQpNONZnTX5PlGPgo

Score: 1/10
Malware Config
Signatures
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid   Process
  3372  fraudpixeltb.exe
  3372  fraudpixeltb.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  pid   Process
  3372  fraudpixeltb.exe
  3372  fraudpixeltb.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  3372  fraudpixeltb.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\triggerfor5355\data\fraudpixeltb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\triggerfor5355\data\fraudpixeltb.exe"
  PID: 3372
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 5032