Analysis

  • max time kernel
    153s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/09/2023, 09:53 UTC

General

  • Target

    ScriptingAssemblies.json

  • Size

    4KB

  • MD5

    f32d760eadbea1f7cce100cdb4f907da

  • SHA1

    bc756e9a885c58dcf2f90e9cdc6857c03fcc6ef2

  • SHA256

    2282eb71ba3d38f79e47a5bf4970a0595c3df03eda4aa04c5e40fdf0a2be80fe

  • SHA512

    6a865094c1dee48d00d32176bac6bf4b53c3746e5ed914cd3e7ff5ff07940ac19f426c124225d532041daf21e7c7549f1d8d1857382c42ea1287d13cb0c6ba7b

  • SSDEEP

    48:YXNxXrj3RlClouNuQGoSfTG/xupYxIzeuTTrk2K:MjhlMouNt5uaxI3PrFK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2840

Note on the tree: shell32.dll,OpenAs_RunDLL is the Explorer "Open with" dialog. It appears here because cmd /c was pointed at a .json file for which the Windows 7 image has no registered handler, so the shell fell back to asking which application to use; Adobe Reader 9 was then started with the file as its argument. The signatures on rundll32.exe and AcroRd32.exe are therefore attributable to that fallback path and the viewer's own UI behaviour, not to code contained in the submitted file, which is consistent with the 3/10 score.
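The check below is an added example and is not part of the tria.ge report or its signature engine. It encodes the triage rule from the note above: walk a process tree, find every rundll32.exe, and decide whether it is the benign "Open with" fallback (shell32.dll,OpenAs_RunDLL launched from cmd /c on a non-executable file, with an ordinary viewer as the chosen handler), the same dialog followed by a handler that spawned a script or shell interpreter (worth a closer look), or rundll32 running some other export. The event list is constructed from the PIDs and command lines in the tree above; the interpreter list, verdict names and the ProcEvent/triage_rundll32 names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional


@dataclass
class ProcEvent:
    """One process-creation event: pid, parent pid, image path, command line."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the process tree in this report; PIDs and command lines as listed.
REPORT_EVENTS = [
    ProcEvent(2036, None, r"C:\Windows\system32\cmd.exe",
              r"cmd /c C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json"),
    ProcEvent(2640, 2036, r"C:\Windows\system32\rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r"C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json"),
    ProcEvent(2840, 2640, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
              r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\ScriptingAssemblies.json"'),
]

# shell32!OpenAs_RunDLL is the Explorer "Open with" dialog; the shell invokes it when
# the file's extension has no registered handler. Group 1 captures the file it was asked to open.
OPENAS_RE = re.compile(r"shell32\.dll\s*,\s*OpenAs_RunDLL\s+(.*)$", re.IGNORECASE)

# Assumed list: interpreters a document viewer picked from "Open with" has no reason to spawn.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return PureWindowsPath(path.strip('"')).name.lower()


def triage_rundll32(events):
    """Classify every rundll32.exe in a process tree.

    Verdicts:
      open_with_fallback  - OpenAs_RunDLL dialog, handler is an ordinary application
      open_with_escalated - OpenAs_RunDLL dialog, but the handler (or its child) is an interpreter
      unusual_export      - rundll32 running something other than the Open-with dialog
    """
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    findings = []
    for e in events:
        if _basename(e.image) != "rundll32.exe":
            continue
        m = OPENAS_RE.search(e.cmdline)
        if not m:
            findings.append({"pid": e.pid, "verdict": "unusual_export",
                             "target": None, "target_ext": None,
                             "launched_by_cmd": False, "handler": None})
            continue
        target = m.group(1).strip().strip('"')
        handlers = children.get(e.pid, [])
        handler_names = [_basename(h.image) for h in handlers]
        # Escalation: the chosen handler is itself an interpreter, or it spawned one.
        escalated = any(n in INTERPRETERS for n in handler_names) or any(
            _basename(g.image) in INTERPRETERS
            for h in handlers for g in children.get(h.pid, [])
        )
        parent = by_pid.get(e.ppid)
        findings.append({
            "pid": e.pid,
            "verdict": "open_with_escalated" if escalated else "open_with_fallback",
            "target": target,
            "target_ext": PureWindowsPath(target).suffix.lower(),
            "launched_by_cmd": parent is not None and _basename(parent.image) == "cmd.exe",
            "handler": handler_names[0] if handler_names else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_rundll32(REPORT_EVENTS):
        print(finding)
```

Run against the report's own tree this yields a single open_with_fallback finding for PID 2640 with target extension .json and handler acrord32.exe. Feeding the same function an EDR process-creation export lets an analyst separate this common sandbox artefact from rundll32 abuse (a foreign DLL export, or a viewer that goes on to spawn cmd.exe or powershell.exe) before spending time on the WriteProcessMemory and SetWindowsHookEx hits.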

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    41f6eeb72a96ef8417501fe3b964f781

    SHA1

    ebad0c363dbcdefb7b2241f94888a72fb263ba0a

    SHA256

    190eae339dccf15753ee846d4e8576867dcbdf43b3a82625b351de4736168ea8

    SHA512

    bc5d8e499472c7a11d11389a4a96160f55918ea74a9a7da7643ea67fdc4a824fa1ee7867a77485486481e65a4bc1de5438410e0be28f3459c7694961b249d29a
