Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Keys 17.0.0.rar

windows7-x64

3

Keys 17.0.0.rar

windows10-2004-x64

7

Keys 17.0.0/prod.keys

windows7-x64

3

Keys 17.0.0/prod.keys

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 17:48 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Keys 17.0.0/prod.keys

  • Size

    14KB

  • MD5

    4ed853d4a52e6b9b9e11954f155ecb8a

  • SHA1

    d6cedce971a2a4ab2588e39285a9d2fb37b62924

  • SHA256

    76df55f85c6628cd924f227a72a301bbb731833c0a0f00c440e01e6b34480990

  • SHA512

    270807500ee0e4a2414efe7d05d59fb2fd17830a2433342a06502355ddc8694b667760a8d2cd50a150d529c21dcdc243bce026251f00ccbcfde403d44064c59b

  • SSDEEP

    384:inP5ycEm3I3Re4qwjHJMN3lhDkzRdKOKKY:inPvt3ImCHJMNVhDkzaOKZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Keys 17.0.0\prod.keys"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Keys 17.0.0\prod.keys
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Keys 17.0.0\prod.keys"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    83063890b8bbcd45311a109b6f915595

    SHA1

    464167dd7aeea39b287cd22f554f47717d55b10d

    SHA256

    9c53521fb87fc2efb3fbd34dbb352aadab7a39b515c409b38a8fbec1c0d74a6b

    SHA512

    105f445d2103d4e9e1ebbd2761075865fc667a1c4534b42d9a00f453aaf3be9ce3f79519cf8a6beb43d5cbe4b72c659c5b679e510c5db313337115380165ac6e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.