Analysis
  max time kernel:   35s
  max time network:  21s
  platform:          windows7_x64
  resource:          win7-20231215-en
  resource tags:     arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted:         19/02/2024, 17:11
Tasks
  Task         Type        Sample                                   Resource
  static1      Static      Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar
  behavioral1  Behavioral  Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar   win7-20231215-en
  behavioral2  Behavioral  Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar   win10v2004-20231215-en
  behavioral3  Behavioral  Crack/Palworld.exe                       win7-20231215-en
  behavioral4  Behavioral  Crack/Palworld.exe                       win10v2004-20231215-en
  behavioral5  Behavioral  Palworld 0.1.3.0 Hotfix to 0.1.4.0.exe   win7-20231129-en
  behavioral6  Behavioral  Palworld 0.1.3.0 Hotfix to 0.1.4.0.exe   win10v2004-20231215-en
General
  Target:  Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar
  Size:    146.1MB
  MD5:     a6b013f2b90d70092c44b9f8f3803a5d
  SHA1:    b2669400d75b00cec691a06b597ebb7b086ad808
  SHA256:  a4483fc2d8cc6f8dc08b9251895bbaa3177e485c6e2318bb1f603694ebecafea
  SHA512:  9714ba8ddd3ab8fd76f4637e805133c0e8456b4a87c19289ac5a91f0da4da95b026ee7fb0662e4a992f2542b7859e11ee9b6de6baad0b4f5ea740d0c4debb67f
  SSDEEP:  3145728:+ojCLiaWvhBPdI6/TE2f0kCjhHDdwV6eRIgNRz6E9zfByir8adJR9Ya:0rWDPdNbT0pjhH5wVd7Rz/9lyi9Jwa
Malware Config
Signatures
  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid   Process
    2744  7zFM.exe
  Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description                pid   Process
    Token: SeRestorePrivilege  2744  7zFM.exe
    Token: 35                  2744  7zFM.exe
  Suspicious use of FindShellTrayWindow (1 IoC)
    pid   Process
    2744  7zFM.exe
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                       pid   Process  procid_target
    PID 1652 wrote to memory of 2744  1652  cmd.exe  29
    PID 1652 wrote to memory of 2744  1652  cmd.exe  29
    PID 1652 wrote to memory of 2744  1652  cmd.exe  29
Processes
  1. C:\Windows\system32\cmd.exe (PID 1652)
     cmd /c "C:\Users\Admin\AppData\Local\Temp\Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar"
     - Suspicious use of WriteProcessMemory
     2. C:\Program Files\7-Zip\7zFM.exe (PID 2744)
        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Palworld 0.1.3.0 Hotfix to 0.1.4.0.rar"
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow

Reading the tree: the only two processes in this task are the sandbox's cmd.exe launcher and 7-Zip File Manager opening the .rar. The WriteProcessMemory hit is cmd.exe (PID 1652) writing into the 7zFM.exe child it has just created, which is the normal parent-to-child write during process creation, not an injection into an unrelated process. The privilege, foreground-window and tray-window hits are all raised by 7zFM.exe itself. No process was spawned beneath 7zFM.exe, so nothing inside the archive was executed in this task; the executables carried in the archive are covered by the separate behavioral3 to behavioral6 tasks.
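The correlation described above, done programmatically. This is an added example and not part of the tria.ge report or its tooling: it parses the flattened Signatures rows of this task (copied into the script as constructed input), rebuilds parent-child edges from the "PID A wrote to memory of B" rows, attributes every IoC to the image that raised it, and flags any process whose ancestry includes something other than the sandbox launcher or the stock archiver. The row layouts it expects, the HARNESS_IMAGES allowlist and all function names are assumptions made for this example; it generalises to tasks with more processes than the two seen here.

```python
"""Correlate tria.ge signature rows with the process tree of a task.

Added example, not part of the tria.ge report. SIGNATURES_TEXT and PROCESSES
are constructed by copying this task's flattened rows; the row layouts
(pid/Process, Token:, 'PID A wrote to memory of B') and the harness
allowlist are assumptions made for this script.
"""
import re
from collections import defaultdict

# Constructed input: the Signatures block of this task as flattened text.
SIGNATURES_TEXT = """\
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2744 7zFM.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeRestorePrivilege 2744 7zFM.exe Token: 35 2744 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2744 7zFM.exe
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1652 wrote to memory of 2744 1652 cmd.exe 29 PID 1652 wrote to memory of 2744 1652 cmd.exe 29 PID 1652 wrote to memory of 2744 1652 cmd.exe 29
"""

# Constructed from the Processes block: pid -> image path.
PROCESSES = {
    1652: r"C:\Windows\system32\cmd.exe",
    2744: r"C:\Program Files\7-Zip\7zFM.exe",
}

# Assumption: the sandbox launcher and the stock archiver are not the sample.
HARNESS_IMAGES = {"cmd.exe", "7zFM.exe"}

HEADER_RE = re.compile(r"^(?P<name>.+?) (?P<count>\d+) (?:IoCs|TTPs)$")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")
PID_RE = re.compile(r"(\d+) (\S+)")


def parse_signatures(text):
    """Return (signature, pid, image, detail) tuples, one per IoC row."""
    hits, name = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name = m.group("name")
        elif name is None:
            continue
        elif line.startswith("description pid Process procid_target"):
            # 'PID A wrote to memory of B': A is the writer, B the target.
            for writer, target, pid, image, idx in WPM_RE.findall(line):
                hits.append((name, int(pid), image,
                             {"target": int(target), "target_index": int(idx)}))
        elif line.startswith("description pid Process"):
            for token, pid, image in TOKEN_RE.findall(line):
                hits.append((name, int(pid), image, {"token": token}))
        elif line.startswith("pid Process"):
            for pid, image in PID_RE.findall(line[len("pid Process"):]):
                hits.append((name, int(pid), image, {}))
        # Any other line (a TTP description) carries no per-process IoC.
    return hits


def parent_map(hits):
    """Map child pid -> creating parent pid from WriteProcessMemory rows.

    A parent writes into the child it has just created (CreateProcess), so
    a writer/target pair raised at process start is a parent/child edge.
    """
    return {d["target"]: pid for _, pid, _, d in hits if "target" in d}


def attribute(hits, processes):
    """Group signature names by the image path of the process that raised them."""
    by_image = defaultdict(set)
    for name, pid, image, _ in hits:
        by_image[processes.get(pid, image)].add(name)
    return {path: sorted(names) for path, names in by_image.items()}


def sample_spawned(processes, parents, harness):
    """PIDs whose ancestry contains an image outside the harness allowlist."""
    def basename(path):
        return path.rsplit("\\", 1)[-1]

    flagged = []
    for pid in processes:
        cur, chain = pid, []
        while cur is not None and cur not in chain:  # cycle guard
            chain.append(cur)
            cur = parents.get(cur)
        if any(basename(processes.get(p, "?")) not in harness for p in chain):
            flagged.append(pid)
    return flagged


def triage(text=SIGNATURES_TEXT, processes=PROCESSES):
    """Summarise a task: IoC count, parent edges, per-image hits, unexplained pids."""
    hits = parse_signatures(text)
    parents = parent_map(hits)
    return {
        "hits": len(hits),
        "parents": parents,
        "by_image": attribute(hits, processes),
        "sample_spawned": sample_spawned(processes, parents, HARNESS_IMAGES),
    }


if __name__ == "__main__":
    result = triage()
    for path, names in result["by_image"].items():
        print(path)
        for n in names:
            print("   ", n)
    print("parent edges:", result["parents"])
    print("processes not explained by the harness:", result["sample_spawned"])
```

For this task the script finds the single edge 1652 -> 2744, puts the WriteProcessMemory hit on cmd.exe and the other three on 7zFM.exe, and reports no process outside the allowlist. If a run of one of the .exe tasks showed 7zFM.exe writing into a new pid whose image is not in HARNESS_IMAGES, that pid would be returned by sample_spawned and is where to start looking.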