Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

controlloi...er.zip

windows7-x64

1

controlloi...er.zip

windows10-2004-x64

1

controlloi...ignore

windows7-x64

3

controlloi...ignore

windows10-2004-x64

3

controlloi...ICENSE

windows7-x64

1

controlloi...ICENSE

windows10-2004-x64

1

controlloi...DME.md

windows7-x64

3

controlloi...DME.md

windows10-2004-x64

3

controlloi...andler

ubuntu-18.04-amd64

1

controlloi...art.sh

ubuntu-18.04-amd64

3

controlloi...art.sh

debian-9-armhf

3

controlloi...art.sh

debian-9-mips

3

controlloi...art.sh

debian-9-mipsel

3

controlloi....rules

windows7-x64

3

controlloi....rules

windows10-2004-x64

3

controlloi...tup.sh

ubuntu-18.04-amd64

3

controlloi...tup.sh

debian-9-armhf

3

controlloi...tup.sh

debian-9-mips

3

controlloi...tup.sh

debian-9-mipsel

3

controlloi...HANGES

windows7-x64

1

controlloi...HANGES

windows10-2004-x64

1

controlloi...DME.js

windows7-x64

1

controlloi...DME.js

windows10-2004-x64

1

controlloi...ocketd

ubuntu-18.04-amd64

3

controlloi...ce.dll

windows7-x64

1

controlloi...ce.dll

windows10-2004-x64

1

controlloi...er.exe

windows7-x64

1

controlloi...er.exe

windows10-2004-x64

1

controlloi...rt.bat

windows7-x64

7

controlloi...rt.bat

windows10-2004-x64

7

controlloi...te.exe

windows7-x64

1

controlloi...te.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    1800s
  • max time network
    1609s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2023, 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    controlloid-server-master/.gitignore

  • Size

    22B

  • MD5

    453c975b74d196c81f073246691d51cc

  • SHA1

    d84d876dceb4dc9c2cb030b79ad8ab52ab21c510

  • SHA256

    81e75df7d1a65daa41afb90a70eb5777dcd604e495a7bb27c1013cca68a18ddc

  • SHA512

    60252715023561c6fbec70d43b3b0993891f1b99f344842c6c6ce58a6c4904e5efb31dbd9ca29ccc436f318d325e383167c9964aaf93d132e99c66416b8264b0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\.gitignore
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\.gitignore
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1304
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\.gitignore"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    861b76d6a8773a5c59f5a6e753a90efa

    SHA1

    138a55ffe9687a68b3d75aa0fbcbd62fb26b0ec5

    SHA256

    e49d205fceeb43c2b9e8fab64dba46a2096e34620d172c6bc237f5a53c18645b

    SHA512

    8dc710ed1b923fa75fb8f23d869fcbf2e0575375ac5ce9f2a145d6ddd076885b6de992a5004bf606a70a38a2e98f4f6d87a79e8712057b04110e6fc9e8cbbb93

    Download Submit