Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

Core.zip

windows7-x64

1

Core.zip

windows10-2004-x64

1

AdobePIM.dll

windows7-x64

4

AdobePIM.dll

windows10-2004-x64

4

Core.dll

windows7-x64

1

Core.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    210s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/03/2023, 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Core.zip

  • Size

    1.1MB

  • MD5

    364f0041bbdfbf89c1ba629fa739259c

  • SHA1

    75da3c7c1f73537ee8aa69e8d4ae07b30622a5ec

  • SHA256

    df135707402bd01bc6a3c10d16f876f25bd16b8a85329687833490cebd9b0051

  • SHA512

    1b405658bf4d7bf264b325643edf45f770a3bba24fc6b5ce7b28fd7117c9674d00499d2c1a81d8bbfa854559d72b716038c284fafd71d9d2c65b6da623959592

  • SSDEEP

    24576:HcbkDhnYy39SziV9EO4DzNGXqu2UFGkE5+F5ENmq75AN+Hh1Bs7RkWJ73d3h/:8AYy39GQr43NGXEODF5oGN+HDC7vX

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Core.zip
    1⤵
      PID:2928
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1832

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1832-133-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-134-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-135-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-139-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-141-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-140-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-142-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-143-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-144-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1832-145-0x00000237DAEE0000-0x00000237DAEE1000-memory.dmp

      Filesize

      4KB

      Download