Resubmissions

27/10/2024, 22:02

241027-1x98astdjg 10

27/10/2024, 22:01

241027-1xdjbstcqf 1

Analysis

  • max time kernel
    62s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/10/2024, 22:01

General

  • Target

    R6 Script.rar

  • Size

    111KB

  • MD5

    064db67a423e95cf104cf0cbd949f97f

  • SHA1

    c94d4ad7d69c14f783db28448657d5a3e8e75c44

  • SHA256

    9996b7ab1211684a1d7e32ba542db3332a8fdcef65d2c3e2cc03ff05062cfdd4

  • SHA512

    8cb49e6872cfefa1926d848716cf6a70ac734914e8d55c2b22ea766929b835b5ae841b78944c4c95ff4c03ca04a4180313cc2e5fdf7b7d97ab215511f01c6c1e

  • SSDEEP

    1536:8kHBBKJHJXYxchWFWw0Jtrci5f9a0Svdv40nocUyufW0yklTGRSpRJTHomGUbFeZ:G+yhsgIcfdSVv4yK3XyksRKwmPeZ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\R6 Script.rar"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4204
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:3528

Network

MITRE ATT&CK Matrix