Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
1christmasl...wn.zip
windows7-x64
en-US/flyout.html
windows7-x64
1en-US/gadget.html
windows7-x64
1en-US/gadget.xml
windows7-x64
1en-US/script/utils.js
windows7-x64
1en-US/scri...ls.vbs
windows7-x64
1en-US/settings.html
windows7-x64
1en-US/styl...lt.css
windows7-x64
3icon.png
windows7-x64
3images/background.png
windows7-x64
3images/go.png
windows7-x64
3images/logo.jpg
windows7-x64
3logo.png
windows7-x64
3vwd.xml
windows7-x64
1Analysis
-
max time kernel
1597s -
max time network
1601s -
platform
windows7_x64 -
resource
win7-20230220-ja -
resource tags
arch:x64arch:x86image:win7-20230220-jalocale:ja-jpos:windows7-x64systemwindows -
submitted
16/05/2023, 06:00
Static task
static1
Behavioral task
behavioral1
Sample
christmaslistcountdown.zip
Resource
win7-20230220-ja
Behavioral task
behavioral2
Sample
en-US/flyout.html
Resource
win7-20230220-ja
Behavioral task
behavioral3
Sample
en-US/gadget.html
Resource
win7-20230220-ja
Behavioral task
behavioral4
Sample
en-US/gadget.xml
Resource
win7-20230220-ja
Behavioral task
behavioral5
Sample
en-US/script/utils.js
Resource
win7-20230220-ja
Behavioral task
behavioral6
Sample
en-US/script/utils.vbs
Resource
win7-20230220-ja
Behavioral task
behavioral7
Sample
en-US/settings.html
Resource
win7-20230220-ja
Behavioral task
behavioral8
Sample
en-US/styles/default.css
Resource
win7-20230220-ja
Behavioral task
behavioral9
Sample
icon.png
Resource
win7-20230220-ja
Behavioral task
behavioral10
Sample
images/background.png
Resource
win7-20230220-ja
Behavioral task
behavioral11
Sample
images/go.png
Resource
win7-20230220-ja
Behavioral task
behavioral12
Sample
images/logo.jpg
Resource
win7-20230220-ja
Behavioral task
behavioral13
Sample
logo.png
Resource
win7-20230220-ja
Behavioral task
behavioral14
Sample
vwd.xml
Resource
win7-20230220-ja
General
-
Target
en-US/styles/default.css
-
Size
1KB
-
MD5
12f0c553a36ca642d86b60428c13a16a
-
SHA1
1419e5c82771fbeb38d1c5e29fbbeb81dabaa030
-
SHA256
d4f3690ad2e23d1a9e76741bf74a4e8175efb898742c835263a397795fb05de7
-
SHA512
05a156b03534a38e74e9406fffc5d18b2a48bad42184a00d66de19ec3c6e0246a0900c3f1cf84f72955870852202842c49fd2955e448f431a2058834722265a8
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1640 wrote to memory of 1388 1640 cmd.exe 28 PID 1640 wrote to memory of 1388 1640 cmd.exe 28 PID 1640 wrote to memory of 1388 1640 cmd.exe 28