Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

dump.pcapng

windows7-x64

dump.pcapng

windows10-2004-x64

3

Resubmissions

14/05/2023, 22:29

230514-2ehk1aga9s 5

14/05/2023, 22:26

230514-2cs9qaga8v 8

14/05/2023, 22:23

230514-2aznqadg58 3

14/05/2023, 22:19

230514-18hbnaga6y 8

14/05/2023, 22:15

230514-16m45aga5w 3

14/05/2023, 22:12

230514-14s8csdg37 5

14/05/2023, 22:09

230514-121vesdg34 3

Analysis

  • max time kernel
    104s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2023, 22:09

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    dump.pcapng

  • Size

    38KB

  • MD5

    7b4a96b7864203fa0b1b84703ca55996

  • SHA1

    aff893300475cf0a66b7b4f4dec812c0ef8c41c0

  • SHA256

    5c87f76fca785e5ccca4c7aa3c3e2ba9fedbc6ee7ae48b3f5d75b3831a211353

  • SHA512

    1f4383f798a46c656097f0acf86896885f3f85c674fe2f69ef620f860ad8caebfb7bf337778f8d36d94847fd50f9b97a4f9482d77a08e44aa46d9c5431dc08c4

  • SSDEEP

    768:7uC8U+CYAV18LZrHifO6fU3AKwqlGP5IHr:758UTMLFiO6fU7BYyL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dump.pcapng
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dump.pcapng
      2⤵
      • Modifies registry class
      PID:556
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im lsass.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1480
    • C:\Windows\system32\logoff.exe
      logoff
      2⤵
        PID:2024
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:1992
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x558
        1⤵
          PID:824
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x510
          1⤵
            PID:2004
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x5c0
            1⤵
              PID:1940
            • C:\Windows\system32\AUDIODG.EXE
              C:\Windows\system32\AUDIODG.EXE 0x5b0
              1⤵
                PID:552
              • C:\Windows\system32\AUDIODG.EXE
                C:\Windows\system32\AUDIODG.EXE 0x590
                1⤵
                  PID:1580
                • C:\Windows\system32\AUDIODG.EXE
                  C:\Windows\system32\AUDIODG.EXE 0x5bc
                  1⤵
                    PID:1200
                  • C:\Windows\system32\AUDIODG.EXE
                    C:\Windows\system32\AUDIODG.EXE 0x554
                    1⤵
                      PID:1236
                    • C:\Windows\system32\AUDIODG.EXE
                      C:\Windows\system32\AUDIODG.EXE 0x588
                      1⤵
                        PID:1744
                      • C:\Windows\system32\AUDIODG.EXE
                        C:\Windows\system32\AUDIODG.EXE 0x538
                        1⤵
                          PID:284
                        • C:\Windows\system32\AUDIODG.EXE
                          C:\Windows\system32\AUDIODG.EXE 0x180
                          1⤵
                            PID:1572
                          • C:\Windows\system32\sethc.exe
                            sethc.exe 211
                            1⤵
                              PID:1388
                            • C:\Windows\system32\LogonUI.exe
                              "LogonUI.exe" /flags:0x0
                              1⤵
                                PID:1768
                              • C:\Windows\system32\LogonUI.exe
                                "LogonUI.exe" /flags:0x0
                                1⤵
                                  PID:504

                                Network

                                MITRE ATT&CK Enterprise v6

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • memory/504-81-0x0000000002740000-0x0000000002741000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1388-79-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1768-80-0x0000000002740000-0x0000000002741000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1992-78-0x0000000002880000-0x0000000002881000-memory.dmp

                                  Filesize

                                  4KB

                                  Download