Analysis
-
max time kernel
36s
-
max time network
40s
-
platform
windows10-2004_x64
-
resource
win10v2004-20241007-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
05/01/2025, 00:00
Behavioral task
behavioral1
Sample
NEO_Private.exe
Resource
win10v2004-20241007-en
13 signatures
150 seconds
Behavioral task
behavioral2
Sample
main.pyc
Resource
win10v2004-20241007-en
3 signatures
150 seconds
General
-
Target
main.pyc
-
Size
7KB
-
MD5
1836a01e43d8020d70ad6dc56e6b93a7
-
SHA1
e0947d47956c956be1de716b86eafa04440e47e6
-
SHA256
f57c50aa8f71a93054e6b06ea1006b24b6d865c682d4f6a79c6d7061197cc2ef
-
SHA512
ab69de8028f8f13d42b6d1053574d8b79d96f746f234b3355769663a687d130e8282f22a6472fbebaa5b6dce32048869c54b27894e84aeb80c31ec9d4bbed559
-
SSDEEP
192:wcP2LoD8OOWdXwQnG4by3mJhwDuiPrMdwAxnw:GLTWuAG3K25TPAw
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | OpenWith.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
4324 | OpenWith.exe