Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

01/02/2024, 14:48 UTC

240201-r6nk8ahgfq 8

01/02/2024, 14:46 UTC

240201-r5rlgshgdr 3

Analysis

  • max time kernel
    23s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 14:46 UTC

General

  • Target

    setup.json

  • Size

    28B

  • MD5

    f4993c1cb73612115a9393e7f895a543

  • SHA1

    550341774c8c36ff1ebd6194df8448013ebb9b80

  • SHA256

    878dc7a5b708cbc7e9ab2465587c5a76f70b7e8bcbea871dde7583da6246940d

  • SHA512

    d73633e88f3cf504733b856b89a151a38d02f75a02b31684075b76344d72947353b0f70a14ebda03586a952fd6902a5d7734b0cd69382078e7bd85af6b9d6d0c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\setup.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\setup.json
      2⤵
      • Modifies registry class
      PID:2680
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-24-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.