Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 22:41

General

  • Target

    NitroGen/main.py

  • Size

    4KB

  • MD5

    fa6183a623395f0ab9481f7531ca7fe2

  • SHA1

    5358f133340928e04aecf5481b59728549f4c53d

  • SHA256

    5d20547db56ebd760e261d4689cac95b9c11b34860bd93017a730224a03c785b

  • SHA512

    a0e513598bc688a72520cc05ac8c900e89ef5174d9caa40b162540079589713ca695bf8f2690246e860ca66a23d8ae3365075e2dce5683c1475449b11d98a0b8

  • SSDEEP

    96:BnA3kNa8ZM3Wj5a/vRHgibx6NaQUY0xUuZE0fxJJTbOl+//llzg4GsNMds:asa8ZXjI/CJNaQBFuZE0fxJxRAu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\NitroGen\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\NitroGen\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NitroGen\main.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    5be2815a10d5116db4b1e65acb0cf54e

    SHA1

    02500b9e7783570511d49dc4ed82cffab90a80dd

    SHA256

    3298dd2efac932b2a361832744ca7bf37c95504ef16e6feea0bc88229d69bcf3

    SHA512

    dc6b36b8961bb330b9967c029103126051023f4f4938ccabfe47b6250c1f2ea503418001a51696ec22936cb1cf4c858cee138f1dc3246e970ceb98abcb843195