Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d275063b09...bf.zip

windows7-x64

1

d275063b09...bf.zip

windows10-2004-x64

1

d275063b09...bf.zip

windows7-x64

1

d275063b09...bf.zip

windows10-2004-x64

1

LANC v2.exe

windows7-x64

3

LANC v2.exe

windows10-2004-x64

3

LoginTheme.dll

windows7-x64

1

LoginTheme.dll

windows10-2004-x64

1

MephTheme.dll

windows7-x64

1

MephTheme.dll

windows10-2004-x64

1

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI..._3.exe

windows7-x64

7

PREREQUISI..._3.exe

windows10-2004-x64

7

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI...86.exe

windows7-x64

7

PREREQUISI...86.exe

windows10-2004-x64

7

PcapDotNet...is.dll

windows7-x64

1

PcapDotNet...is.dll

windows10-2004-x64

1

PcapDotNet.Base.dll

windows7-x64

1

PcapDotNet.Base.dll

windows10-2004-x64

1

PcapDotNet...ns.dll

windows7-x64

1

PcapDotNet...ns.dll

windows10-2004-x64

1

PcapDotNet.Core.dll

windows7-x64

1

PcapDotNet.Core.dll

windows10-2004-x64

1

PcapDotNet...ts.dll

windows7-x64

1

PcapDotNet...ts.dll

windows10-2004-x64

1

oui.dat

windows7-x64

3

oui.dat

windows10-2004-x64

3

ports.dat

windows7-x64

3

ports.dat

windows10-2004-x64

3

Analysis

  • max time kernel
    157s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2023, 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ports.dat

  • Size

    42KB

  • MD5

    0ee8e8d0002c559e47c11200c0cf0f9e

  • SHA1

    5e833e8d03928337b93be774789b4cfa50395419

  • SHA256

    d5f32b0e2026d1273d8a8797d7166b573394081b705fb87cefdd4a759634165f

  • SHA512

    d140c61173cd618a596154388ee1c21c1a4478a90d95345883e23b1427455767ea7a6d83b42c5ef38199364fcb7dd4d23b1107e2e7ef7965f8170c8be5b412b3

  • SSDEEP

    768:sDEvjTkkOVH8mX1qpH3Zgxl/UnlqNrSoFzAkmY2Zx5GaQX9DeNkubt+O:sQ8kO98mXYHpIBtxAkmY2ZiUzbtv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ports.dat
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ports.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ports.dat"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    cd51de6e9d084fb534dddae65802564a

    SHA1

    48c2e4e164e9b62e92e577e06d4cb63b03aab482

    SHA256

    4d60248540bc93ac97438862572c96fccd56736417526699d7fdcca20ccd9f74

    SHA512

    e24ffbfe527bf094c5b7db1054c68c4a0867ac255f0605e858c85919d3c040553e149bdfc71c535c7deed6ca2bc6194d06daf5d29c65cc89433710494d91b1e5

    Download Submit