Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2022, 16:15 UTC

General

  • Target

    semihonorSpeculated/Pharmacosiderite/Discamp/Sawsmith.jpg

  • Size

    36KB

  • MD5

    a7ec37a016d42355ae70009bbccb6883

  • SHA1

    ab60088f7cc96c56fc52597db4565087bb9002a5

  • SHA256

    50234d68cf2ddcecfb28250cff1ac9e66737c1419ef8beb4aeabf57c13c8d0cd

  • SHA512

    8896c347634a45f540e2a02d6b581ba2bc979a3ee998b0af2d298867b80d24164cad245c645fe4305cd01d3c0355c8a9205722aa529a90634edfc3cede5e2465

  • SSDEEP

    768:hBzj5WGhCql3vzUcWonZmXB4MvvRQyNc/LaE2TqGYV6TUz:hFj5dFNLyNcm7bTu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\semihonorSpeculated\Pharmacosiderite\Discamp\Sawsmith.jpg
    PID: 1092
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1092-54-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

    Filesize

    8KB