Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/02/2024, 17:54

General

  • Target

    flaggex.pyc

  • Size

    9KB

  • MD5

    d401417dad834f69f76ce73db8f2235a

  • SHA1

    ceb68f416d5177267ff85c488691cf73ab57ecbb

  • SHA256

    2a9298ae278352c36765b0288729ead85a7e1461314fb3e8dc3fdc7ca0835f80

  • SHA512

    981536fc5c8335f5d9e9a5f0061d2962d2f1e2c8a3599da9413f938a16a7bb5505e5fbb3233ac02887d2fe5f8d0e14776257d37056e61b9567b104a8b63f356e

  • SSDEEP

    96:Cuvr67l7n0x7o75qRAlI7cX9DnYzeIE7wfQ1VFCWMJfqpUGw4YSHO9pcmjUqGYYH:CGi08RXRnuLEctqpBvu9pXUqGYyqSszK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\flaggex.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\flaggex.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\flaggex.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    dcb04bf624de61ad76332d5a4f65e111

    SHA1

    8d07311c357a72b5a6394fa6d4a7d12ef8231e73

    SHA256

    6f7b10fa55ff73686c3835ad48acf453c08115eb6d560e2fd25a4ec131bd171f

    SHA512

    dc48a84579b525f1eaf1ae957ac347a645fd54fa8161d548683dc8578f47128a353baae506560716a1d1b97a8107e080be7b249a8bf8680e247c92d9cdb1007e