Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/03/2024, 20:55
General
-
Target
paint.net.5.0.13.install.anycpu.web.exe
-
Size
1.1MB
-
MD5
9e8c911802a8f387d536a340f39b2636
-
SHA1
85074c4e1574de523596950d33aa10fa27813813
-
SHA256
289df7d7b2f0da4de90cf66ee44d60162fdb65e8f36744f724009d5879925d27
-
SHA512
430e8fe20916fa9f8a2bec1f2d4d85ca555fae3c6e08622d8c4f36cb9c513beec51dca094acaf560bd5eb32a6a56753fd3594b7be92c9b89786290b1e122a9b3
-
SSDEEP
24576:/PYYYYkeBVMCOVI3YofBJT6F18BzgjIMbaF:/PYYYYksMCOVI9BJTSe8jnGF
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.13.install.anycpu.web.exe"C:\Users\Admin\AppData\Local\Temp\paint.net.5.0.13.install.anycpu.web.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS4E410B76\SetupShim.exe"C:\Users\Admin\AppData\Local\Temp\7zS4E410B76\SetupShim.exe" /suppressReboot2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152KB
MD5ed82da8ce63807986d06e19ce59d7869
SHA1545de4373061d6628c047929147ea3590daed3ec
SHA256cbaf647f029408fbd79290f6727ce9a3cc4c9bcfac19c74a09981b4bc849a3dc
SHA512fc78b01952bb23e4b108b493a0e20c157faca263eaeb912ad670a5cb2fe5f6c8e4e075b9cf34299ec3dfa1214acc36bfd34767f33fc31f81d178fcabbd2d698a