Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

8da535a490...9b.jad

windows7-x64

3

8da535a490...9b.jad

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8da535a4904529207369a3f35a99969b.jad

  • Size

    68KB

  • MD5

    8da535a4904529207369a3f35a99969b

  • SHA1

    bcfe379ae6b516b646b90d12ef8293769ec44a69

  • SHA256

    48c30cfdf9294fe303c3e1efd83ddeba533f6934cb09e48e2a593587c7eed592

  • SHA512

    21ee380e89a7d24e83c8b3b9763b42040b65aeb80587e0351fd6b92cebccbd16af229201b1ab7cc0b4e09fb7c200da10aee24591c697039787b68c13ecee3a0f

  • SSDEEP

    1536:EjUcFC+MEc9wy7GtW2insgvrGoZNGtW2insgvrGoZb:EjUctoj7ZsArG8ZsArGM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\8da535a4904529207369a3f35a99969b.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\8da535a4904529207369a3f35a99969b.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8da535a4904529207369a3f35a99969b.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    614c4ec0cff0a83a577908859847423b

    SHA1

    aff197f2ec465ce54f53a9fd0d635ff2918971bb

    SHA256

    8385d51541dd6880c97991bfdfbf66a9367fd0cd8b85aee43ad951da950578e8

    SHA512

    706b565bde8273441b7d91ed429cb050c49ef9f59217e10683863c2bcd1f48aee722cd5f73703f83996e01d252f57010c7d9b991beb3be91329c1a4cd182e8bd

    Download Submit