Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

522dfde09e...cb1176

windows11-21h2-x64

1

Resubmissions

11/11/2024, 01:53

241111-ca9fgstjbj 10

11/11/2024, 01:53

241111-ca5sasyqfs 10

Analysis

  • max time kernel
    38s
  • max time network
    34s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11/11/2024, 01:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    522dfde09e90aad84c900ffb7c9f5acee40a5ac68ee6846d8cf7284503cb1176

  • Size

    256KB

  • MD5

    ce39407f5442c56fdc342737c58b31d2

  • SHA1

    363a5eec4245cabb4477bd1bb36e09f845342d55

  • SHA256

    522dfde09e90aad84c900ffb7c9f5acee40a5ac68ee6846d8cf7284503cb1176

  • SHA512

    2fabd6510cee1acf2471f13633a5f3449b23aadc64fe7f92647f14f5d67228a43aacf3f50b7aa29fd6bbad9bfa6955a550f4d1d64ea7bf5b2a620f5e9b7a08b8

  • SSDEEP

    3072:fTV/wi4lr55R9TxlnsPsUw0jOuw+caARZBrNOOsz5poVUDMp9YgjgTA0eo8JBcTF:Z/hkaqZI3

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\522dfde09e90aad84c900ffb7c9f5acee40a5ac68ee6846d8cf7284503cb1176
    1⤵
      PID:1684
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1628
    • C:\Windows\system32\BackgroundTransferHost.exe
      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
      1⤵
      • Modifies registry class
      PID:3704
    • C:\Windows\System32\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1480

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\64a348c9-ae16-460a-bd64-9db06802b21e.down_data
      Filesize

      555KB

      MD5

      5683c0028832cae4ef93ca39c8ac5029

      SHA1

      248755e4e1db552e0b6f8651b04ca6d1b31a86fb

      SHA256

      855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

      SHA512

      aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      0c71204dc7dd088aa8f1b279e29d7bf5

      SHA1

      475dbeb8589312574e6b5f3ca2913b8b80af155b

      SHA256

      28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

      SHA512

      f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      76fbe77cbc68f3bd5f0decad25775716

      SHA1

      2ebc2dea0b2224ea73fb5413d94ad38218122bf3

      SHA256

      8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

      SHA512

      1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

      Download Submit

    • memory/1480-32-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-25-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-26-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-24-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-36-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-35-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-34-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-33-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-31-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1480-30-0x000001F803D30000-0x000001F803D31000-memory.dmp

      Filesize

      4KB

      Download