Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

8D8089F9-4...nt.zip

windows7-x64

1

8D8089F9-4...nt.zip

windows10-2004-x64

5

AUTO-30936.pdf

windows7-x64

1

AUTO-30936.pdf

windows10-2004-x64

1

Informacio...TE.pdf

windows7-x64

1

Informacio...TE.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2023, 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8D8089F9-4951-4697-972D-E2950386AF52.1_attachment.zip

  • Size

    6.4MB

  • MD5

    b5cd62b2f31d20a2542b4b7ed320fd9d

  • SHA1

    750caa97ea203027a7a7b326e42fce6eeab2d6fb

  • SHA256

    9777bfba8aec841c3ae8f6a43a5386342f68a34c68bdb903e2113f08586d8450

  • SHA512

    de6d2dc1b5322f98e5acf5ed1fef1568e0dee4a5ed04c2981eb0c09baee3b772075a02cfcc019bb9545d86b9711038f4951be46c7aa39edc772eea1f0c2e647a

  • SSDEEP

    98304:V/YmqSiEEwVdb0jCuoq2DwzyWCreFwcEKcLTcbhuJTaA0/ijZ2/5K3W1FX:WgVdb0jQqFzycvcLTKuJ+A8iu4WH

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\8D8089F9-4951-4697-972D-E2950386AF52.1_attachment.zip
    1⤵
      PID:1156
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:3168

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads