Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

13/02/2024, 03:28

240213-d1bskshe72 7

13/02/2024, 03:26

240213-dzfp5shd54 7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/02/2024, 03:26

General

  • Target

    Lucifer/branding/tools.tfx

  • Size

    16KB

  • MD5

    92d1d945d43fd377fde2dcd710e0f4b1

  • SHA1

    d0fd62870e5cba1c7fe0184f87ede580979456c1

  • SHA256

    e7ab4393867edac46f0f8a3334b8cfa0c659f76254404c57c0f6f1eca6407520

  • SHA512

    bef4edce4b2a82e93bc3e92693fc064fa57984df1fb3b7faf9f6e27162d7baa64277ca1784a3b1167a97d2ea4909047022f3960068303f2c9cad242d89c60fcc

  • SSDEEP

    384:hlcM5ca8eTx+wKIrlIwkhkQAESAqxLGkOhkqdlcM5ca8eTx+wKIrlIwkhkQAESAf:hlcM5ca8eTx+wKIrlIwkhkQAESAqxLGQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2700
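
The process tree above is the whole story of this run: `cmd /c` on a `.tfx` file has no registered handler on the sandbox image, so the shell launches the "Open With" dialog (rundll32 shell32.dll,OpenAs_RunDLL) and the chosen viewer, Adobe Reader, opens the file as data; the submission itself never becomes a process. The script below is an added triage helper, not part of the tria.ge report or its tooling. It takes the three PIDs and command lines exactly as listed in the report, with parent PIDs inferred from the report's nesting (a constructed event schema, since the page shows indentation rather than parent-PID fields), rebuilds the tree, and reports whether the submitted file ran or was merely handed to a viewer.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (constructed schema for this example)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# PIDs, images and command lines copied from the report's Processes section;
# ppid values are inferred from the report's nesting (constructed, not logged).
EVENTS = [
    ProcEvent(1456, 0, r"C:\Windows\system32\cmd.exe",
              r"cmd /c C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx"),
    ProcEvent(2724, 1456, r"C:\Windows\system32\rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r"C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx"),
    ProcEvent(2700, 2724, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
              r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\Lucifer\branding\tools.tfx"'),
]

# shell32!OpenAs_RunDLL is the entry point behind the "Open With" dialog; its
# argument is the file the user (or sandbox) is being asked to pick a handler for.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(?P<target>.+?)\s*$", re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def find_open_with_chains(events):
    """Return one record per rundll32 OpenAs_RunDLL launch: who invoked it,
    for which file, and which viewer process(es) it spawned."""
    by_pid = {ev.pid: ev for ev in events}
    children = {}
    for ev in events:
        children.setdefault(ev.ppid, []).append(ev)

    chains = []
    for ev in events:
        if basename(ev.image).lower() != "rundll32.exe":
            continue
        m = OPENAS_RE.search(ev.cmdline)
        if not m:
            continue
        target = m.group("target").strip('"')
        parent = by_pid.get(ev.ppid)
        chains.append({
            "target": target,
            "extension": target.rsplit(".", 1)[-1].lower() if "." in basename(target) else "",
            "launcher_pid": ev.ppid,
            "launcher_image": parent.image if parent else None,
            "rundll32_pid": ev.pid,
            "viewers": [(c.pid, basename(c.image)) for c in children.get(ev.pid, [])],
        })
    return chains


def target_was_executed(events, target: str) -> bool:
    """True only if the submitted file itself became a process image."""
    return any(ev.image.lower() == target.lower() for ev in events)


def triage(events) -> str:
    """Summarise whether the submission ran as code or was only opened as data."""
    lines = []
    for ch in find_open_with_chains(events):
        executed = target_was_executed(events, ch["target"])
        viewers = ", ".join(f"{img} (pid {pid})" for pid, img in ch["viewers"]) or "none"
        lines.append(
            f"{basename(ch['target'])}: no registered handler for .{ch['extension']}; "
            f"Open With dialog (rundll32 pid {ch['rundll32_pid']}) handed it to {viewers}; "
            f"executed as a process: {executed}"
        )
    return "\n".join(lines) if lines else "no Open With fallback observed"


if __name__ == "__main__":
    print(triage(EVENTS))
```

For this run the helper reports that tools.tfx was handed to AcroRd32.exe (pid 2700) and was never executed as a process, which is consistent with the low score and with the only observed behaviours (registry class writes, SetWindowsHookEx, WriteProcessMemory) belonging to the shell and to Reader rather than to the sample.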

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e0115928e95a25663b0d957c97cea538

    SHA1

    801e043e9403a8dede53f28143ef3bd9f6eb6d2e

    SHA256

    7f79e13528934abe3f688d10b12a2ce4410058e13d17e8dc4ad4db285e7ff811

    SHA512

    b2ca25b5bd8a7948b08258eac2fc60954393ae678f19be9660ef1b44a0223aa039b350d25abc9110f788362be37e8935fb4bcf8e403315b3ae47f99201bbc2e2