Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    156s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2023, 02:43

General

  • Target

    x-0001-battleclass-player.rpyc

  • Size

    1KB

  • MD5

    360394871040ca5760dbd0d903001c81

  • SHA1

    9fbfbf7cd435d1640121a1c987376fcf9bc6e0fa

  • SHA256

    dd91d5cca38645f9876701803f4a2bf22236d8641dd267b79110372993245014

  • SHA512

    dc2cd4783cc76e347cd1771770314ef0379254df566741cebf58af58e7d2792dce830be9271ce96b256d57c2085e55ab4ccc65b9dc7417c41db2b5b1fd86a318

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\x-0001-battleclass-player.rpyc
    depth 1
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\x-0001-battleclass-player.rpyc
      depth 2
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\x-0001-battleclass-player.rpyc"
        depth 3
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1672
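The process tree above is worth reading carefully before trusting the signature list. The sandbox ran the sample with `cmd /c <file>`, Windows found no registered handler for the `.rpyc` extension, and the shell fell through to the "Open With" dialog, which is exactly what `rundll32.exe shell32.dll,OpenAs_RunDLL <file>` is. The automation then picked Adobe Reader, so the GetForegroundWindowSpam and SetWindowsHookEx hits are AcroRd32.exe reacting to a non-PDF, not behaviour of the submitted file, which never got a process of its own. The script below is an added example (not part of the Triage report or its tooling) that encodes that check: it walks a process tree transcribed from the report, detects the OpenAs_RunDLL fallback, and separates signatures raised by the dialog-chosen handler from anything the sample itself did. The `Proc` dataclass, its field names and the `SAMPLE`/`TREE` constants are this example's own constructed input, not Triage's report schema.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    """One process from a sandbox process tree (constructed schema for this example)."""
    pid: int
    ppid: Optional[int]
    cmdline: str
    sigs: list = field(default_factory=list)


# Constructed input: the three processes from the report above, transcribed by hand.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\x-0001-battleclass-player.rpyc"
TREE = [
    Proc(3064, None, r"cmd /c " + SAMPLE,
         ["Suspicious use of WriteProcessMemory"]),
    Proc(2116, 3064,
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL ' + SAMPLE,
         ["Modifies registry class", "Suspicious use of WriteProcessMemory"]),
    Proc(1672, 2116,
         r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "' + SAMPLE + '"',
         ["Suspicious behavior: GetForegroundWindowSpam", "Suspicious use of SetWindowsHookEx"]),
]

# shell32!OpenAs_RunDLL is the entry point behind the "Open With" dialog.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\b", re.IGNORECASE)
# First token of a command line, quoted or bare.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def image_name(cmdline: str) -> str:
    """Return the basename of the executable a command line launches."""
    m = IMAGE_RE.match(cmdline)
    if not m:
        return ""
    path = m.group(1) if m.group(1) is not None else m.group(2)
    return ntpath.basename(path)  # ntpath so Windows paths parse on any host


def children(tree, pid):
    return [p for p in tree if p.ppid == pid]


def analyse_open_with(tree, sample_path):
    """Flag an Open With fallback and attribute child signatures to the chosen handler."""
    sample_lc = sample_path.lower()
    sample_base = ntpath.basename(sample_lc)
    result = {
        "open_with_fallback": False,
        "handlers": [],              # images picked from the Open With dialog
        "handler_signatures": [],    # signatures raised by those handlers
        "sample_spawned_process": False,
    }
    for p in tree:
        img = image_name(p.cmdline).lower()
        # A process whose image is the sample itself would mean it actually executed.
        if img == sample_base:
            result["sample_spawned_process"] = True
        if img == "rundll32.exe" and OPENAS_RE.search(p.cmdline) and sample_lc in p.cmdline.lower():
            result["open_with_fallback"] = True
            for child in children(tree, p.pid):
                result["handlers"].append(image_name(child.cmdline))
                result["handler_signatures"].extend(child.sigs)
    return result


def verdict(result) -> str:
    if result["open_with_fallback"] and not result["sample_spawned_process"]:
        return ("no registered handler: signatures below rundll32 belong to the "
                "Open With handler " + ", ".join(result["handlers"]) + ", not the sample")
    return "sample was executed by a registered handler or directly"


if __name__ == "__main__":
    r = analyse_open_with(TREE, SAMPLE)
    print(verdict(r))
    for sig in r["handler_signatures"]:
        print("  handler-attributed:", sig)
```

When this fires, the useful follow-up is to resubmit the file under a handler that matches what it actually is (or as a raw file with the correct extension) rather than to read the 3/10 score as a behavioural result; the `WriteProcessMemory` hits on cmd.exe and rundll32.exe are still the two launcher processes, not the sample.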

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    626f399d39bd4972ecdcbfb06a3cd1c9

    SHA1

    414742fe8fb8cc8b2065c86161b6d933c791eab8

    SHA256

    a0b7df332e270a6870befe4d181ded9d5e9a62497512ba789ebf6f84d6307a65

    SHA512

    f0e7f0602a88a8e629e1a9893fddf45cab5f0390eb456a520887b00c1db94a4ab40bf79bcb23c578d60bf170854b4340bfd07cfb0997e3511454532e8dd89a9c