Report tabs (the number on each tab is its score badge; names are shown as truncated in the original):
- Overview
- Static (score 10)
- MAKS_V2.5.rar, windows10-1703-x64 (score 3)
- ANAHTAR OL....5.exe, windows10-1703-x64 (score 3)
- MAKS KURULUM V2.5.exe, windows10-1703-x64 (no score shown)
- MessagingT...de.dll, windows10-1703-x64 (score 1)
- applist.fatih, windows10-1703-x64 (score 1)
- guncelle.exe, windows10-1703-x64 (score 3)
- iplist.fatih, windows10-1703-x64 (score 10)
- weblist.fatih, windows10-1703-x64 (score 3)
Analysis (score 3)
- max time kernel: 316s
- max time network: 1597s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 27/09/2024, 11:58
Tasks
- static1 (static task)
- behavioral1: MAKS_V2.5.rar, resource win10-20240404-en
- behavioral2: ANAHTAR OLUŞTUR V2.5.exe, resource win10-20240404-en
- behavioral3: MAKS KURULUM V2.5.exe, resource win10-20240611-en
- behavioral4: MessagingToolkit.QRCode.dll, resource win10-20240404-en
- behavioral5: applist.fatih, resource win10-20240404-en
- behavioral6: guncelle.exe, resource win10-20240404-en
- behavioral7: iplist.fatih, resource win10-20240404-en
- behavioral8: weblist.fatih, resource win10-20240404-en
General
- Target: MAKS_V2.5.rar
- Size: 4.4MB
- MD5: a9924822eb7b1e73edbd037b2c9e66dc
- SHA1: 6be897d7ee3384c9bdf06c79444fdb33190716c1
- SHA256: cb4fe6a46082486c1e1c80a6ba56d50933a378b263a3eea386e6f892829329de
- SHA512: bec61052c6b9e598fb3b25d8288b3ecbf5a867776325159d4679d991ee4896c38fd6a581003bba091ef83cc9073f5c34bee8a8191fdc794611866fe51b4931a1
- SSDEEP: 98304:NQteYrBMOErYeApNQ49R9PXSAX/QMYs8TG1Ui8pxamV1ql7y722y5G:NQtn77j97X3X/QMhQGyika+ql7H2CG
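Before relying on this report for a file you hold, confirm it is the same archive. The following is an added example, not code from tria.ge or from the report: it computes all four digests listed above in a single pass and reports which ones disagree. The digests are copied from the General section; the file contents fed to it in the demo run are a constructed stand-in, not the real archive.

```python
import hashlib
import os
import tempfile

# Digests copied from the report's General section for MAKS_V2.5.rar.
REPORT_HASHES = {
    "md5": "a9924822eb7b1e73edbd037b2c9e66dc",
    "sha1": "6be897d7ee3384c9bdf06c79444fdb33190716c1",
    "sha256": "cb4fe6a46082486c1e1c80a6ba56d50933a378b263a3eea386e6f892829329de",
    "sha512": "bec61052c6b9e598fb3b25d8288b3ecbf5a867776325159d4679d991ee4896c38fd6a581003bba091ef83cc9073f5c34bee8a8191fdc794611866fe51b4931a1",
}


def digest_bytes(data):
    """Return {algorithm: hexdigest} for every algorithm in REPORT_HASHES."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file once, feeding every chunk to all four hashers in parallel."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual, expected):
    """Return (all_match, mismatches); mismatches maps algorithm -> (expected, actual).

    Comparison is case-insensitive because reports and tools disagree on hex case.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name, "")
        if got.lower() != want.lower():
            mismatches[name] = (want, got)
    return (not mismatches, mismatches)


def verify_sample(path, expected=REPORT_HASHES):
    """Hash the file at `path` and compare it against the report's digests."""
    return compare_digests(digest_file(path), expected)


if __name__ == "__main__":
    # Constructed stand-in file for the demo run; the real archive is not included here.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"not the real sample\n")
    try:
        ok, diffs = verify_sample(tmp.name)
    finally:
        os.unlink(tmp.name)
    print("sample matches report" if ok else "mismatch on: " + ", ".join(sorted(diffs)))
```

Any single mismatching algorithm means the file differs from what was detonated; a partial match (say MD5 and SHA1 agree but SHA256 does not) would indicate a deliberate collision attempt rather than an ordinary copy error, so the check reports every algorithm rather than stopping at the first.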
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs):
  - Key created: \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings, process cmd.exe
  - Key created: \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings, process OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC): PID 5072, OpenWith.exe
- Suspicious use of SetWindowsHookEx (15 IoCs): all 15 entries are PID 5072, OpenWith.exe
Processes (both at depth 1, no parent/child relationship recorded)
- C:\Windows\system32\cmd.exe, PID 4740
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\MAKS_V2.5.rar
  signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe, PID 5072
  command line: C:\Windows\system32\OpenWith.exe -Embedding
  signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx

Note on reading this task: the launcher ran cmd /c directly on the .rar, and the only process that followed is OpenWith.exe started with -Embedding, which is the "How do you want to open this file?" dialog that Windows raises when no application is associated with the extension. Nothing inside the archive was extracted or executed in this task, so the three signatures above describe the dialog, not the sample; the score of 3 here reflects that noise. The archive's contents are covered by the separate behavioral tasks behavioral2 through behavioral8 listed under Tasks.