Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/01/2024, 13:44

General

  • Target

    KDocks.exe

  • Size

    427KB

  • MD5

    73231e8612e3955b328528efda1b33c8

  • SHA1

    e6f3c4ce06365cb18141105e9c163f3d01db22c7

  • SHA256

    ff83005725b53746345cb92ffd49a49458325e4fc757248923a034d95804759f

  • SHA512

    597dd7c9e4576e8db7ac98c9d6c366702d1d3c4e3bf410ed7fa9015211e9610fb9627ef4820373a5101e2b8b406d477a8974beee7e102d33807cbeec15833a5f

  • SSDEEP

    12288:ECybNrrHyjWTa2wc4TXtUkAhZgT6+DzgNw:qdrS5kGtdFG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KDocks.exe
    "C:\Users\Admin\AppData\Local\Temp\KDocks.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1788

Network

MITRE ATT&CK Enterprise v15
