Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

test.rar

windows7-x64

4

test.rar

windows10-1703-x64

3

test.rar

windows11-21h2-x64

3

Resubmissions

12/03/2024, 11:00

240312-m4d7jshb86 7

12/03/2024, 10:59

240312-m3g7tahb69 4

12/03/2024, 10:53

240312-my2ewsfb61 1

12/03/2024, 10:46

240312-mt968sha44 7

12/03/2024, 10:45

240312-mth3raha27 1

12/03/2024, 10:42

240312-mrtrgagh67 7

12/03/2024, 10:40

240312-mqwvfagh48 7

12/03/2024, 10:38

240312-mpq8kagg96 7

12/03/2024, 10:34

240312-mmbp4aeg7z 1

Analysis

  • max time kernel
    15s
  • max time network
    4s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.rar

  • Size

    12KB

  • MD5

    af7865d63e70c3d756da8453bb7cf26c

  • SHA1

    e1801990363b402d2dbb86e1c6de5a059c771459

  • SHA256

    1739daa2526c9eafbc94187dcec3289a550fca169d0a2b0d6b48e23e4aa33d1d

  • SHA512

    55e4514c37786ace53888c974c69411938fffd6c1376551b3bdbe244ee156f68cc89fa14ea9bf93fee44913bca48d75a48a9e9cacbcee8ba23cf93b8e25241ec

  • SSDEEP

    384:MI35H53l6y/U61vOlu56Xsh3pb0GkkayImr:MIhU6NIggyb0Gk5W

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\test.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\test.rar"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads