Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Arm Max_�...�).apk

android-9-x86

5

Arm Max_�...�).apk

android-10-x64

1

Arm Max_�...�).apk

android-11-x64

5

highlight-init.js

windows7-x64

1

highlight-init.js

windows10-2004-x64

1

highlight.js

windows7-x64

1

highlight.js

windows10-2004-x64

1

jquery-3.1.1.min.js

windows7-x64

1

jquery-3.1.1.min.js

windows10-2004-x64

1

mathjax-config.js

windows7-x64

1

mathjax-config.js

windows10-2004-x64

1

my-script.js

windows7-x64

1

my-script.js

windows10-2004-x64

1

tooltipster-init.js

windows7-x64

1

tooltipster-init.js

windows10-2004-x64

1

tooltipste...in.css

windows7-x64

3

tooltipste...in.css

windows10-2004-x64

3

tooltipste...min.js

windows7-x64

1

tooltipste...min.js

windows10-2004-x64

1

Resubmissions

10/08/2023, 16:05

230810-tjfyzage7s 7

10/08/2023, 15:55

230810-tc5czsgd6t 7

10/08/2023, 15:45

230810-s7ekdagc4x 7

10/08/2023, 15:44

230810-s6nfwsee43 7

10/08/2023, 15:41

230810-s42whagb9y 7

28/04/2023, 11:09

230428-m88lysfe41 7

02/04/2023, 13:37

230402-qwvfcahh4v 7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2023, 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tooltipster.bundle.min.css

  • Size

    6KB

  • MD5

    0213a269e84c94f18378712fa1aebd2f

  • SHA1

    c602041adde9c8e618d944f96cc4e5ff9ff414e9

  • SHA256

    1db93c9b2b6e416c611e6d66cd018e2fd23980f8c520143e21800512da8604f9

  • SHA512

    e1f1c5af10007635f5c7f62cff1b8b1e668dc239925e03be7e4b5a90a0d483a579844d052878aef13be687ac7b743fedb9907eb7f22053204ce69e5e51e67b72

  • SSDEEP

    48:54hhD/R5uj4ib5iet6hN3gN6ro8poDopJioeSJt482R8VbogEyn2tinQ4CPJP7mS:54rRI4iVhsgN6EGpJJZR2RcsR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\tooltipster.bundle.min.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\tooltipster.bundle.min.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads