Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

apk_1697589273998.apk

android-9-x86

1

apk_1697589273998.apk

android-11-x64

1

D1F6qdxW5G...YY.xls

windows7-x64

1

D1F6qdxW5G...YY.xls

windows10-2004-x64

1

DoaeSzkHj1...CX.xls

windows7-x64

1

DoaeSzkHj1...CX.xls

windows10-2004-x64

1

E.bat

windows7-x64

1

E.bat

windows10-2004-x64

1

MnFM6Eg6RA...iS.pdf

windows7-x64

1

MnFM6Eg6RA...iS.pdf

windows10-2004-x64

1

NdP63IdfX8...iz8.py

windows7-x64

3

NdP63IdfX8...iz8.py

windows10-2004-x64

3

Q.doc

windows7-x64

4

Q.doc

windows10-2004-x64

1

QrjLyBiXj1...1.docx

windows7-x64

4

QrjLyBiXj1...1.docx

windows10-2004-x64

1

R.bat

windows7-x64

1

R.bat

windows10-2004-x64

1

SiL3QjQCkz...Jr.pdf

windows7-x64

1

SiL3QjQCkz...Jr.pdf

windows10-2004-x64

1

T2Rzf6tyOo...FX.xls

windows7-x64

1

T2Rzf6tyOo...FX.xls

windows10-2004-x64

1

Z.bat

windows7-x64

1

Z.bat

windows10-2004-x64

1

base_fragment.sh

windows7-x64

3

base_fragment.sh

windows10-2004-x64

3

base_vertex.sh

windows7-x64

3

base_vertex.sh

windows10-2004-x64

3

default_fragment.sh

windows7-x64

3

default_fragment.sh

windows10-2004-x64

3

default_vertex.sh

windows7-x64

3

default_vertex.sh

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2023, 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    base_vertex.sh

  • Size

    188B

  • MD5

    8ca61f9c38649d70235b0d9b9fd2d8e4

  • SHA1

    4c3d34710f1d951ac371f88657cab92977da8b32

  • SHA256

    87fd875bdcb0e0ef9a91a350dd536066a86b22d6b16cd1d7398639040c5619d8

  • SHA512

    f137b0df7b7511d0b73c9cc67ca1b1b76dfc333199f598c22e8e6e651f4d180daa1fcb39c3d857ef907b1052508d7e125c8a2dae9527cffcfc120b97edc78fcf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\base_vertex.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    fedd211d89e9f58a35d29f6f29e5faf4

    SHA1

    f2759dc4062fb88ad9163c1abeccd9779ccc1f1e

    SHA256

    58d2ab990f7ac50d60e30856ac426efa656b006f74cbdf390eb9bdf3810b7172

    SHA512

    239c898fd714e67c953f41f5049abb0235ca6510ba8cc67e954d9f220ca9c9f1fa79120ddd669fd07bccdc45aa180e33388e5eda3682cc336611304fc3196f65

    Download Submit