Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    138s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/03/2024, 23:37

General

  • Target

    [Boschiana] Fitness_ReviveLeggings.package

  • Size

    2.3MB

  • MD5

    97034bf575cb210829abd907d659c35a

  • SHA1

    068690b20864a657901f61ed5f50b5ee2b3cf0d2

  • SHA256

    2efceaf3abb2499b3f33f3d419f1805c14b7d85cdaa8cb032f0300c639ab25af

  • SHA512

    91b56a16d3f6d8865dfe20692d85fcd7b2fedf5d6893d4885c9c3d9d1a7a835c17c81c2cb2e9686c5c881a7c8080af2fc1735849494f530b23f85f37279194be

  • SSDEEP

    49152:9P/r72VOTGGfgv5px1XLUZi9AkbPKTQ6oH7jcFh4XyDdNGIIbaNzQhP/T1oEm:tzyVOTGGIBdgi0SHXWhEyDdnIbaNz+Vm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2604
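The process tree above is the signature of a file Windows has no handler for: the sandbox ran `cmd /c "<sample>"`, ShellExecute found no association for `.package`, and `rundll32 shell32.dll,OpenAs_RunDLL` raised the "Open With" dialog, after which Adobe Reader 9 was picked to open it. The flagged behaviours (WriteProcessMemory, SetWindowsHookEx, GetForegroundWindowSpam) belong to that dialog and to AcroRd32 loading a non-PDF, not to the sample executing. The script below is an added example, not part of the tria.ge report: it rebuilds the tree from process events constructed to match the Processes section (same images, command lines and PIDs; the event format is an assumption), recognises the OpenAs_RunDLL fallback, and checks a file header for the DBPF magic that Sims `.package` files carry (the report shows no bytes, so the sample inputs to `classify_header` are constructed).

```python
"""Added example, not code from the tria.ge report or from the sample's author.
Detects an 'Open With' fallback chain in a sandbox process tree and classifies
a file by its magic bytes. Process events are constructed from the report's
Processes section; the dict layout and the header samples are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed from the report: image, command line and PID per process.
EVENTS = [
    {"pid": 1772, "ppid": None,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package"'},
    {"pid": 2944, "ppid": 1772,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
                r'C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package'},
    {"pid": 2604, "ppid": 2944,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\[Boschiana] Fitness_ReviveLeggings.package"'},
]


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


def build_tree(events) -> Dict[int, Proc]:
    """Index processes by PID and link each to its parent's children list."""
    procs = {e["pid"]: Proc(e["pid"], e.get("ppid"), e["image"], e["cmdline"]) for e in events}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


# shell32!OpenAs_RunDLL takes the path of the file that had no association.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\s+(.+)$", re.IGNORECASE)


def open_with_fallback(procs: Dict[int, Proc]) -> Optional[Tuple[str, Optional[str]]]:
    """Return (unhandled_file, chosen_handler_image) when rundll32 raised the
    'Open With' dialog, meaning the sample was never run by a real handler and
    whatever opened it next is the sandbox's guess. None when no such chain."""
    for p in procs.values():
        if not p.image.lower().endswith("rundll32.exe"):
            continue
        m = OPENAS_RE.search(p.cmdline)
        if not m:
            continue
        target = m.group(1).strip().strip('"')
        handler = p.children[0].image if p.children else None
        return target, handler
    return None


# Magic bytes worth distinguishing for a file that arrives as ".package".
MAGIC = [
    (b"DBPF", "DBPF (Sims package)"),
    (b"MZ", "PE executable"),
    (b"%PDF", "PDF"),
    (b"PK\x03\x04", "ZIP"),
]


def classify_header(data: bytes) -> str:
    """Classify a file by its leading bytes; 'unknown' when no magic matches."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


if __name__ == "__main__":
    chain = open_with_fallback(build_tree(EVENTS))
    print("Open With fallback:", chain)
    # Constructed header, not bytes from the sample.
    print(classify_header(b"DBPF\x02\x00\x00\x00\x01\x00\x00\x00"))
```

If `open_with_fallback` returns a hit, the handler's behaviour should be discounted when scoring the sample; the file itself still needs its real type checked, which is what `classify_header` does against bytes read from disk.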

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0918c26d975598ff4b2206969c78a996

    SHA1

    3f6bd8c100aa2ebb114f07f5491937ef54f9b793

    SHA256

    9750e075a39152938d4c9bf7c5f0d337af317ed8aa298eff7a49ecb515145e42

    SHA512

    e1f8937afe6ef6290748f135030e05df5e5b75006c4dede36c9e42dab80cf208179c806dab0bf3dd49903e55af5babdf1cf99801c9917af894382d922b4cec5e