Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

639a17eed5...a1.zip

windows11-21h2-x64

3

Resubmissions

21/11/2024, 02:56

241121-dfcjdaxfnb 8

21/11/2024, 02:55

241121-destzaxfme 1

21/11/2024, 02:39

241121-c5hagsxenf 3

21/11/2024, 02:38

241121-c42yhaxrfv 3

21/11/2024, 02:35

241121-c3gwyasncl 3

21/11/2024, 02:23

241121-cvcl9axqh1 3

21/11/2024, 02:17

241121-cq22caxqgz 3

Analysis

  • max time kernel
    96s
  • max time network
    106s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/11/2024, 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    639a17eed5125ced4bd08a468204732fa2d37d42d3a47465d22f3afe45b7c7a1.zip

  • Size

    3.9MB

  • MD5

    d436a7f9e06e611bff0cb685039aa1ff

  • SHA1

    2396f1730ad30aa07475d8a2df1a688836513c58

  • SHA256

    639a17eed5125ced4bd08a468204732fa2d37d42d3a47465d22f3afe45b7c7a1

  • SHA512

    84afb7d1a0ae1997ad7b359aac7c4cbb2fb191b59734e66e27f13985beedd9afd083931380b38d854ed7f4d607f6a42dd5f9a0db8fa4936749d71bd06ba108c9

  • SSDEEP

    98304:hZanHcQyaMI3AsE+RL6jefCkW376vBpkJ:n48jdE+HjOCkk+vA

Score
3/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\639a17eed5125ced4bd08a468204732fa2d37d42d3a47465d22f3afe45b7c7a1.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2368
  • C:\Windows\system32\BackgroundTransferHost.exe
    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
    1⤵
    • Modifies registry class
    PID:1096
  • C:\Windows\system32\osk.exe
    "C:\Windows\system32\osk.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5020
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\869429df-e2b8-471b-8674-e524f19e7ce2.down_data
    Filesize

    555KB

    MD5

    5683c0028832cae4ef93ca39c8ac5029

    SHA1

    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

    SHA256

    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

    SHA512

    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

    Download Submit