Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

christmasl...wn.zip

windows7-x64

en-US/flyout.html

windows7-x64

1

en-US/gadget.html

windows7-x64

1

en-US/gadget.xml

windows7-x64

1

en-US/script/utils.js

windows7-x64

1

en-US/scri...ls.vbs

windows7-x64

1

en-US/settings.html

windows7-x64

1

en-US/styl...lt.css

windows7-x64

3

icon.png

windows7-x64

3

images/background.png

windows7-x64

3

images/go.png

windows7-x64

3

images/logo.jpg

windows7-x64

3

logo.png

windows7-x64

3

vwd.xml

windows7-x64

1

Analysis

  • max time kernel
    1597s
  • max time network
    1601s
  • platform
    windows7_x64
  • resource
    win7-20230220-ja
  • resource tags

    arch:x64arch:x86image:win7-20230220-jalocale:ja-jpos:windows7-x64systemwindows
  • submitted
    16/05/2023, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    en-US/styles/default.css

  • Size

    1KB

  • MD5

    12f0c553a36ca642d86b60428c13a16a

  • SHA1

    1419e5c82771fbeb38d1c5e29fbbeb81dabaa030

  • SHA256

    d4f3690ad2e23d1a9e76741bf74a4e8175efb898742c835263a397795fb05de7

  • SHA512

    05a156b03534a38e74e9406fffc5d18b2a48bad42184a00d66de19ec3c6e0246a0900c3f1cf84f72955870852202842c49fd2955e448f431a2058834722265a8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\en-US\styles\default.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\en-US\styles\default.css
      2⤵
        PID:1388

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads