Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 20:19

General

  • Target

    02dd1651a94524d342a409bf683a9631.jad

  • Size

    25KB

  • MD5

    02dd1651a94524d342a409bf683a9631

  • SHA1

    912dae768dedf9b191ca69ea3e7d3272e4dc4275

  • SHA256

    05cee1374405e88c9c5b91ea071bbb034daf25fa8e961b42b2dc511015acdcbd

  • SHA512

    0ab9bb5d446342c903d67ef07de4332227d2cda107fd0cb74e2b34f79a86ddee53bce4f6670edf171276a92dae081863bafb38c38ade7f52a3a39c141a012508

  • SSDEEP

    768:+ymsXv3d8mUNX6Ep7zqfqhD/k10xqHc6yzN6Kaz/35Py:hFHOX6CHqqrxIE6/pPy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\02dd1651a94524d342a409bf683a9631.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\02dd1651a94524d342a409bf683a9631.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\02dd1651a94524d342a409bf683a9631.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    cbec52931fe778be975dc53baa926342

    SHA1

    fffd0b09e8bf015d0e807aa845423fd924a99e7a

    SHA256

    b2ae74ddcd2cd9dbf6bec554346455e5123c47960fb76ff0964f3ed4cea5c739

    SHA512

    daa74c25369e81c956bcd5e312866ffccf1dfbc18a4417f8a438d23135727724e1b5a95c25da60d080256dc7ee397344c783f8651536654949ff7d0b04d56edd