Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

537c7b85e8...70.jad

windows7-x64

3

537c7b85e8...70.jad

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    537c7b85e81c59691bc759b6069e1b70.jad

  • Size

    68KB

  • MD5

    537c7b85e81c59691bc759b6069e1b70

  • SHA1

    e40974cf6cd5de49f409de7527aa5a1f972663b9

  • SHA256

    5b5191b73176b5f055130c09eda80bdda84b81a13668847c191647592cdefc9b

  • SHA512

    5a223a2f4e6e03316f9f0ddb4a64a6c907f0f23390b77de6109416b4d010142366d412de1ebcd413786629c9e888b55b55261bfb37698fca6ee7c1c6acef4e05

  • SSDEEP

    1536:EjUcFC+MEckiwy7GtW2insgvrGoZNGtW2insgvrGoZB:EjUctok67ZsArG8ZsArGu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\537c7b85e81c59691bc759b6069e1b70.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\537c7b85e81c59691bc759b6069e1b70.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\537c7b85e81c59691bc759b6069e1b70.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    d2f80edc9467ecb30bfa0a5adf525060

    SHA1

    894534c16fd87284375da56682905f1b235aad56

    SHA256

    6d080d1f4bfd6fb59239f61fe117008f8b7f1fece2b5aa2730311d8ba06df7b9

    SHA512

    67003e7002744eef23a8b6636c5fabe8622730b46a647720cd9bcb9289b3bc6d38e06d977e26a06187418b786a3df0b66ed9fb2e23e3af5b078aab8c06f5917c

    Download Submit