Analysis

  • max time kernel
    242s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/09/2024, 19:28

General

  • Target

    External Email secure' ANS-- RQM-151393 INC - W ID suspended.msg

  • Size

    182KB

  • MD5

    9a9028d61ce792545d58104284fec3ea

  • SHA1

    02f747620a9252fa4a7f5806e76ebd6464610d30

  • SHA256

    92d52f19422a72074e143ba1c426e81e684d5530aec205086ebecb05f7f32e62

  • SHA512

    2c0fdef9d49ebee65bd7f1d8472960567461694c6b7e65f6d91053f822564f1c67c2d64cb4d1966f9fe2fdc6223ba2aa24f4de1556aef8ed0c794b21192852a8

  • SSDEEP

    3072:M1fXT1mdhtQwhXHULAmgeHaPTqRmjBmeLAMiX1tN:WfXT1mTZhXHxDB+X1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\External Email secure' ANS-- RQM-151393 INC - W ID suspended.msg"
    • Modifies registry class
    PID:2068
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3844

Network

MITRE ATT&CK Enterprise v15
