Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/03/2024, 07:09

General

  • Target

    Nexus-MultiTool-main/Helper/Funcs/remove_doubles.py

  • Size

    1KB

  • MD5

    8e69237cf11968d3dc406de6fd7970a7

  • SHA1

    708fc60c418c79565c73ec226c914e2e4554ccb3

  • SHA256

    92eb6016a369c89244085ff1a5d0fe2c7a3cd79b12808f60e2b9b20e56958d33

  • SHA512

    34b7b9bcface2351b99f2d1e58b359aff9079733a511681535848a5b2b7d1ce7e9882ef12d210afa244350dd099d238b6c64cc9b6c57c88224bb154d229143fc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Nexus-MultiTool-main\Helper\Funcs\remove_doubles.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nexus-MultiTool-main\Helper\Funcs\remove_doubles.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nexus-MultiTool-main\Helper\Funcs\remove_doubles.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2452

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f24840dc8bf4e558a84e4f4eb2e0961c

    SHA1

    ebfea5e7a7a2368b33c12609d0b96855f9f1f1c7

    SHA256

    93e9df6b13cc3f7d3e535adad2d2b74dd65e36e724ec4ef886230f0e80a7865e

    SHA512

    fb355de6da88afb5c7ee60ac6d527708df3e234568475c2a2d978930fa805f8b8c8fd19542f6e17bde2156c83bb1d3bb483a6f069e283e4ea68ab0c8805b8010