Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    316s
  • max time network
    1597s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/09/2024, 11:58

General

  • Target

    MAKS_V2.5.rar

  • Size

    4.4MB

  • MD5

    a9924822eb7b1e73edbd037b2c9e66dc

  • SHA1

    6be897d7ee3384c9bdf06c79444fdb33190716c1

  • SHA256

    cb4fe6a46082486c1e1c80a6ba56d50933a378b263a3eea386e6f892829329de

  • SHA512

    bec61052c6b9e598fb3b25d8288b3ecbf5a867776325159d4679d991ee4896c38fd6a581003bba091ef83cc9073f5c34bee8a8191fdc794611866fe51b4931a1

  • SSDEEP

    98304:NQteYrBMOErYeApNQ49R9PXSAX/QMYs8TG1Ui8pxamV1ql7y722y5G:NQtn77j97X3X/QMhQGyika+ql7H2CG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MAKS_V2.5.rar
    1⤵
    • Modifies registry class
    PID:4740
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:5072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads