Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 20:04

General

  • Target

    icudtl.dat

  • Size

    10.1MB

  • MD5

    2c367970ac87a9275eeec5629bb6fc3d

  • SHA1

    399324d1aeee5e74747a6873501a1ee5aac005ee

  • SHA256

    17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de

  • SHA512

    f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

  • SSDEEP

    98304:TfPBQYOo+ddlymYf2LfPQCvliXUxiG9Ha93Whla6ZENSs285:TfPBhORjYAHliXUxiG9Ha93Whla6ZEV7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\icudtl.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\icudtl.dat"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    744fef6450281fd87bfba702c1aa22ef

    SHA1

    c9c9202f401a2e6025b3bc98b20ed551335a794d

    SHA256

    0a3250f14bf2f3febbfe63b19fe6a405c37da711d63b974c1e051d19050f0e7a

    SHA512

    4a9b605a6c4169608fbeb26a6f8c3143f8820b83aca841fd2107cc494833a6b802366483a4c77a227393d61b19b67c48825077c7b7dcdf44a435a28896a2037f