Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Uran CS2.rar

windows7-x64

3

Uran CS2.rar

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-de
  • resource tags

    arch:x64arch:x86image:win7-20231215-delocale:de-deos:windows7-x64systemwindows
  • submitted
    24/01/2024, 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uran CS2.rar

  • Size

    38.0MB

  • MD5

    8b6617524bb741c3f00eb88ac2f0d9b5

  • SHA1

    f7501da657d099e0439a867eccd74fabc985c1b0

  • SHA256

    e648207af37f468799d44ebe4690ac5fcf3a7f57dba0a5cf9a90624bb9c9f9ce

  • SHA512

    2f59c5b669fcffd09ad66cbb9f09f7023f3d199cb78832bc2545550d164563f3e657b6f58bf43c07d8727ff4bf1ef0f8412174710e55051e15468a329fc51a99

  • SSDEEP

    786432:of/VrBEP5AIW9lnZTkEtN7C4Yucp5dAK2biQXOSbiU:uVuRAICnZxN29/7MeSWU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Uran CS2.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Uran CS2.rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads