Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

mYm.cfg

windows7-x64

3

mYm.cfg

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    07/03/2023, 17:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mYm.cfg

  • Size

    3KB

  • MD5

    ddc483a581386f8f9baa71b6ed8f6d60

  • SHA1

    f4bd4b886a741ea7ea100aa8b5de8a0ea5f40bd4

  • SHA256

    a6cb0a1b99a567ea125b5ec3940579d680b99f2c71e1f350ce4578044e0ba6fe

  • SHA512

    b26519cb6f75bc37c931de8cb5cc8274bbe611b61514100b3b0d7cf4ee3677ecd9d66c2b91ddbbc7a872efd5c5858a4cd71ca2e842b2c06b28d328822bec21fb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mYm.cfg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\mYm.cfg
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.