Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

powerbombe...7c.zip

windows7-x64

6

powerbombe...7c.zip

windows10-2004-x64

1

FMODGMS.dll

windows7-x64

1

FMODGMS.dll

windows10-2004-x64

1

Power Bomberman.exe

windows7-x64

1

Power Bomberman.exe

windows10-2004-x64

1

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

data.win

windows7-x64

3

data.win

windows10-2004-x64

3

fmod.dll

windows7-x64

3

fmod.dll

windows10-2004-x64

3

joydll.dll

windows7-x64

1

joydll.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data.win

  • Size

    48.2MB

  • MD5

    3c9b62abdbaf0741c244acfb8d9cd3e8

  • SHA1

    e1e8a3df77b689f7e533f4b3da5ec08ab66ecd4e

  • SHA256

    bada049b1b77f4366a1ca96c968a1f77fe73f3a6b61f3335d7cd3813d52f5869

  • SHA512

    1cd41078a71ac090ae9e253ad64be7d4e041fcf398313fbfdce09480d06bb457c667c8072a5176c27f621ecd29a3a2c6e3fa2e3cf56e767746da0b13966c7cd7

  • SSDEEP

    393216:QB0/WAcn/P3y+EVuJnOheruyx70xNMWdaS8Nv+p3e2gp1FUJbs+ka3R10:Q+/ISwnOsn70nDdkvm3e2gtgbs+FRG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\data.win
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\data.win
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1876
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\data.win"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    c843eee57dbb673684040db0d9493b21

    SHA1

    ad6ffa1fdbab42cd9388610e800855a15ff7dacd

    SHA256

    d6c9ca93c4134e5961e607f69b42ede9b0fa3f3b2b0e5cdb2b4bce37de1b685d

    SHA512

    b3c73c4cffeaa579ac30a2a068623635587559b4c8112d1ec2a34ab295c62970077c32b0b72670cc62e8ab1f9301cc526d62faa68cec435ee88b7908d7f01e64

    Download Submit