Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
62s -
max time network
66s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
27/10/2024, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
R6 Script.rar
Resource
win10v2004-20241007-en
3 signatures
300 seconds
General
-
Target
R6 Script.rar
-
Size
111KB
-
MD5
064db67a423e95cf104cf0cbd949f97f
-
SHA1
c94d4ad7d69c14f783db28448657d5a3e8e75c44
-
SHA256
9996b7ab1211684a1d7e32ba542db3332a8fdcef65d2c3e2cc03ff05062cfdd4
-
SHA512
8cb49e6872cfefa1926d848716cf6a70ac734914e8d55c2b22ea766929b835b5ae841b78944c4c95ff4c03ca04a4180313cc2e5fdf7b7d97ab215511f01c6c1e
-
SSDEEP
1536:8kHBBKJHJXYxchWFWw0Jtrci5f9a0Svdv40nocUyufW0yklTGRSpRJTHomGUbFeZ:G+yhsgIcfdSVv4yK3XyksRKwmPeZ
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4204 7zFM.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 4204 7zFM.exe Token: 35 4204 7zFM.exe Token: SeSecurityPrivilege 4204 7zFM.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4204 7zFM.exe 4204 7zFM.exe
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\R6 Script.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4204
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3528