Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 22:52
General
-
Target
r.rbxm
-
Size
16KB
-
MD5
4ba68770e1ef7c45fa91be941ad26af0
-
SHA1
10b51d3207db5b55548b6eb131918c3368e7cfd9
-
SHA256
bf2b00c0db85aaff70aef27c502fc449e04101db4c267fa0bb2f4bc8a6896d7d
-
SHA512
7f5385813d19c025283aa3114df982b8603e9b5623057206dff08eab7b35e5a8012a6b139072b60c50cf48d0b4dff3ae3216101ab8a701a3ef58c7ec311fee97
-
SSDEEP
192:53Ehhj8/wPIlZIfb9meCa1W002ISOjY9b4en9zbqgyuFhgQbI+CJ+LUCaU4t+:wq0IIfpCao002ISOUbXvqgyujNdLUlt+
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\r.rbxm1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\r.rbxm2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\r.rbxm"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD50421309ba9f70e23d7f87839744517ff
SHA174f00c12934c56bcef2c399c107d247c8189f454
SHA25676c61c201fed045a594b80a34580f95fefeca5b07424c96c2b998a2773536004
SHA512f2170b45d66b4daf8ddd15e5ef0033982db5982c7484e3c7919d51a3984679c0d95c8cb0347e9713a77b9efb92e5795ae6b7b0e5711ef421301ae7a7dd74f401