Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5ed6f4456b...60.lnk

windows7-x64

1

5ed6f4456b...60.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ed6f4456b8540507a386d595167b960.lnk

  • Size

    1KB

  • MD5

    5ed6f4456b8540507a386d595167b960

  • SHA1

    186c32f8e567588486a42b38d2a6f2b0649995b7

  • SHA256

    26a2674c215833b1381bf8471ff298be25064ac96bf7e1d5232441133be89c6e

  • SHA512

    1bd56ff6c7a06caae54deb86438fd02e5b89c73d34d343bb7757a3cb129da2e40384124dda15bd741a95ca6b16592d62045791fa8a55afac9c81a3e9dbbac69f

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\5ed6f4456b8540507a386d595167b960.lnk
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\WINDOWS\system32\cmd.exe
      "C:\WINDOWS\system32\cmd.exe" /c "start %cd%RECYCLER\6dc09d8d.exe &&C:\Windows\explorer.exe %cd%21f741d9b72c54a22d48
      2⤵
        PID:3976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads