Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2023, 14:46

General

  • Target

    khaosat_trieuchung.doc_1

  • Size

    43KB

  • MD5

    167949ba90da85c8b56878d95be19c1a

  • SHA1

    d9d0e6f1f0d368d77897c784faf73019b36fbbe9

  • SHA256

    9cafe1ff820182f2d33d662bc3b4018caf27c49d50242573f9620f06001c582f

  • SHA512

    cfe9a3179f2ad7c1ad401fafaa8cc8d043cb994513d57e2e01c2b4133b4d0d3636ffa2af5b017d16fe044a97331832af10f40c06c2eebb47332915a74293be6d

  • SSDEEP

    384:r+ql8iSUR/8dQwn+zmkYEbMGceEfzbm2ue0n0g5mrLI7aRBZy0jJxAtt:6qT/qMmkYUhEbyVe00g5mrLQaR6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\khaosat_trieuchung.doc_1
    PID:1720
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\khaosat_trieuchung.doc_1
      PID:2664
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\khaosat_trieuchung.doc_1"
        PID:2628
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    46531f32199983145438adeb8a98820a

    SHA1

    ccc83279b847c2f20e9567af9177aa329a4c4124

    SHA256

    c6da2360ec2e63068dd9da6a989daf468c61f9d76082fa7cff663f8a1348b8c9

    SHA512

    a24da5eada3ce6e2e5a091b67d1c157f28db9631c6f86f5e3c818e231f079ae375af3461050cb5e469dbd3e9a4599ef19fa6297899571cf1249e9e1e52d33598