Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/01/2024, 10:05

General

  • Target

    com/appsflyer/oaid/R$string.class

  • Size

    1KB

  • MD5

    2de8a6e5d0ed2cfce013bc2765e15978

  • SHA1

    aa7a8e3c5ba2023bf628c4bf30b7747b252912f1

  • SHA256

    72309042e13c1b7c2d650ab7828d608b6321aa201f061b44c763a50e3774de76

  • SHA512

    1fa11993c8cc1faacba1c3a4f0f59319c5b5dcb7d70382333c577e46281eded04eb6ec015652ab5e50fe10b4893d475b496341f69ecb6d5019fca9b1fe96009b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\com\appsflyer\oaid\R$string.class
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\com\appsflyer\oaid\R$string.class
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\com\appsflyer\oaid\R$string.class"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    fc475915558db066320c550b4f3d8d48

    SHA1

    5b8d0614c2da77a885828fee70190184b09dad43

    SHA256

    0d1ec25a795bbea782cc1132421d9697c331fcd72e03e0ef54039a1f8b96756e

    SHA512

    7706add6ceeae26aef1df7a775ed4c4ae66d03b6e3b56715c392eea92d408397f835fc55c144121638f7604fd1dd9959d5a88ec47f715183e332e51f0012b11f