Analysis

  • max time kernel
    1800s
  • max time network
    1612s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2023, 15:36

General

  • Target

    controlloid-server-master/dist/linux/udev/77-controlloid-uinput.rules

  • Size

    70B

  • MD5

    76b1380215f173064b7c89553394c372

  • SHA1

    b5c22f19ec767a8ab35c982f7ad2cc6492d78e8d

  • SHA256

    39d0873154a96be37461ef6f61fdb1b03b6ed670f3a8ab2323b4a216f54550af

  • SHA512

    1235fb20ff99cb364dc57861b667c36c858a696d3dcd311648a785fa58ab84b0105bb52e81d3f616ee9ec59251a4888a8fb6bff6d86a22852340ea36c86219fc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\linux\udev\77-controlloid-uinput.rules
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\linux\udev\77-controlloid-uinput.rules
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1876
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\linux\udev\77-controlloid-uinput.rules"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1268

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    9b007f879831256109024b56003db8bd

    SHA1

    465364ff767f58393e8e3eaf37872062a3f0b26e

    SHA256

    d1c4d4add17dfdf5d29e3bc705b4934ee26c2c9db741131c5e7ff03f6a2989a7

    SHA512

    8b3607fc7bffde7e3f45b7e3577f64bd22198c2170b7a02fffa26c70e4192f7d791541bb0bba9652a3c79d3affe2bb855b18a22f4f91cf665f2144bdf52eb794