Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-de
resource tags: arch:x64, arch:x86, image:win7-20231215-de, locale:de-de, os:windows7-x64, system:windows
submitted: 24/01/2024, 21:46
Static task: static1

Behavioral task: behavioral1
Sample: Uran CS2.rar
Resource: win7-20231215-de
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: Uran CS2.rar
Resource: win10v2004-20231215-de
6 signatures, 150 seconds
General
Target: Uran CS2.rar
Size: 38.0MB
MD5: 8b6617524bb741c3f00eb88ac2f0d9b5
SHA1: f7501da657d099e0439a867eccd74fabc985c1b0
SHA256: e648207af37f468799d44ebe4690ac5fcf3a7f57dba0a5cf9a90624bb9c9f9ce
SHA512: 2f59c5b669fcffd09ad66cbb9f09f7023f3d199cb78832bc2545550d164563f3e657b6f58bf43c07d8727ff4bf1ef0f8412174710e55051e15468a329fc51a99
SSDEEP: 786432:of/VrBEP5AIW9lnZTkEtN7C4Yucp5dAK2biQXOSbiU:uVuRAICnZxN29/7MeSWU
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                 pid   Process
Token: SeRestorePrivilege   2864  7zFM.exe
Token: 35                   2864  7zFM.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid   Process
2864  7zFM.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process   procid_target
PID 2760 wrote to memory of 2864  2760  cmd.exe   29
PID 2760 wrote to memory of 2864  2760  cmd.exe   29
PID 2760 wrote to memory of 2864  2760  cmd.exe   29
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Uran CS2.rar"
   PID: 2760
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files\7-Zip\7zFM.exe (child of PID 2760)
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Uran CS2.rar"
      PID: 2864
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow