Analysis

  • max time kernel
    119s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/01/2024, 03:12

General

  • Target

    3bbd2f935be117be82683cf2d7f16acc.lnk

  • Size

    1KB

  • MD5

    3bbd2f935be117be82683cf2d7f16acc

  • SHA1

    4b04be6975e730afe474e670ab595f02a22c35fc

  • SHA256

    362f95cf986b8077e482f1fd16ae10fd624725adda58f9b9bfbfcfd11db07e31

  • SHA512

    06f832c34526d241c7d18fffe32b683178d0a70517b5c8d455a544c110106e9b58247521ce39ef959a01a60d8401d7fc035dbbb6fe81d7dfb6d96a35e71ceab1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 1744)
    cmd /c C:\Users\Admin\AppData\Local\Temp\3bbd2f935be117be82683cf2d7f16acc.lnk
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\cmd.exe (PID 2792)
      "C:\Windows\System32\cmd.exe" /c set zz=Files.bat& cmd.exe /c %zz% > nul& cd Files& cmd.exe /c "Log.txt"
      • Suspicious use of WriteProcessMemory
      • C:\Windows\system32\cmd.exe (PID 2736)
        cmd.exe /c "Log.txt"
      • C:\Windows\system32\cmd.exe (PID 2688)
        cmd.exe /c %zz%
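The PID 2792 command line is the interesting part of this tree: the batch file name is stored in an environment variable with `set`, and the child that runs it is spawned as `cmd.exe /c %zz%`. cmd.exe expands `%VAR%` references once, when it parses the whole line, so `zz` does not exist yet at that moment; on a command line (unlike inside a .bat file) an undefined reference is left literally in place, which is exactly why the report shows the child as `cmd.exe /c %zz%` rather than `cmd.exe /c Files.bat`. The child inherits the environment as it stands when it is created, expands `%zz%` itself, and only then runs Files.bat. The following script is an added example (Python, not tria.ge code) that walks that line the way cmd.exe does and reports which files end up being run and from where. It copies the PID 2792 command line from the report; the working directory is modelled as `.` (the .lnk's working directory, which the report does not state) and becomes `.\Files` after `cd Files`; the PATHEXT set is the Windows default, and `&&` / `||` chaining is not modelled.

```python
"""Resolve what the cmd.exe chain in the tria.ge process tree actually runs.

Added example, not tria.ge code. REPORT_CMDLINE is the PID 2792 command line
from the report; the rest models cmd.exe's documented command-line rules:
  * %VAR% is expanded once, when the whole line is parsed, so a variable
    assigned by `set` earlier on the same line is not yet visible;
  * on a command line (unlike in a .bat file) an undefined %VAR% is left
    literally in place, which is why the child shows up as `cmd.exe /c %zz%`;
  * a nested cmd.exe /c inherits the environment as it stands when spawned
    and does its own expansion, so the child sees zz=Files.bat.
Assumption: "." stands for the .lnk's working directory (not in the report).
"""
import os
import re
from dataclasses import dataclass

REPORT_CMDLINE = (
    '"C:\\Windows\\System32\\cmd.exe" /c set zz=Files.bat& cmd.exe /c %zz% > nul'
    '& cd Files& cmd.exe /c "Log.txt"'
)

# Default PATHEXT: extensions cmd.exe executes as code. A file with any other
# extension handed to `cmd /c` is opened through the shell file association.
PATHEXT = {".com", ".exe", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse",
           ".wsf", ".wsh", ".msc"}

VAR_RE = re.compile(r"%([^%]+)%")
CMD_RE = re.compile(r'(?i)^(?:"(?:[^"]*\\)?cmd(?:\.exe)?"|cmd(?:\.exe)?)\s+/c\s+(.*)$')
SET_RE = re.compile(r"(?i)^set\s+([^=]+)=(.*)$")
CD_RE = re.compile(r"(?i)^cd\s+(.+)$")


@dataclass
class Run:
    via: str      # command line the process was created with, unexpanded
    target: str   # file name cmd.exe resolves after its own expansion
    cwd: str      # directory the name is resolved in (then PATH, for PATHEXT files)
    direct: bool  # True: executed by cmd.exe; False: opened via file association


def expand(text, env):
    """Expand %VAR% from env (case-insensitive); leave undefined ones literal."""
    return VAR_RE.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), text)


def split_commands(line):
    """Split on '&' outside double quotes. '&&' and '||' are not modelled."""
    parts, buf, quoted = [], [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == "&" and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.lstrip() for p in parts if p.strip()]  # `set` values keep trailing space


def simulate(cmdline, env=None, cwd=".", runs=None):
    """Walk a `cmd.exe /c` line left to right, recursing into nested cmd.exe
    with a copy of the environment, and record every file it ends up running."""
    env = dict(env or {})
    runs = [] if runs is None else runs
    m = CMD_RE.match(cmdline)
    if not m:
        raise ValueError("not a cmd.exe /c line: " + cmdline)
    for cmd in split_commands(expand(m.group(1), env)):
        cmd = re.sub(r"\s*>\s*\S+", "", cmd).rstrip()  # drop `> nul` style redirects
        if (s := SET_RE.match(cmd)):
            env[s.group(1).strip().upper()] = s.group(2)
        elif (c := CD_RE.match(cmd)):
            cwd = cwd + "\\" + c.group(1).strip().strip('"')
        elif CMD_RE.match(cmd):
            simulate(cmd, env, cwd, runs)  # the child expands %zz% on its own
        else:
            target = cmd.strip('"')
            ext = os.path.splitext(target)[1].lower()
            runs.append(Run(cmdline, target, cwd, ext in PATHEXT))
    return runs


if __name__ == "__main__":
    for r in simulate(REPORT_CMDLINE):
        how = "run by cmd.exe" if r.direct else "opened via file association"
        print(f"{r.via!r:28} -> {r.cwd}\\{r.target} ({how})")
```

Two things fall out of running it that are easy to miss when reading the command line. Files.bat is resolved before the `cd Files`, so it is looked up in the .lnk's starting directory (or PATH), not in Files\; only Log.txt is looked up in Files\. And because .txt is not in PATHEXT, `cmd.exe /c "Log.txt"` does not execute Log.txt as code but hands it to whatever program is associated with .txt. Nothing is recorded beneath PIDs 2736 and 2688 in the tree, which is consistent with the Files directory not being present next to the submitted .lnk in the sandbox; the 3/10 score then reflects only the loader stub, and the .lnk would need to be resubmitted together with its sibling files to see what Files.bat actually does.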

Network

MITRE ATT&CK Enterprise v15
