Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2024, 18:16

General

  • Target

    IMG_0112.jpg

  • Size

    50KB

  • MD5

    675cced5a600006e8585d18af8d3eb8b

  • SHA1

    d6ea45aadbd3aff0936c6fa4c4f97aff9f9757c3

  • SHA256

    86d6576b9d4c3fd200f534cfea0275b82ecdc51c9af7d06d247d89c1b2c0f423

  • SHA512

    34821f8a72e6c11643dbfcfc05ba6b1d344af1a7bf9e3f37af7de097eb4cac6e882f0808b1ca076b7c10d601ecb23a3afe6fdc43ce4f8bffff3238619d8e5f83

  • SSDEEP

    1536:Nab2Rv4lZuwAGwZMJlw92mrG5gnsPtaeevkGiSUuq7aFE8:s6Ro5AVOwjq5g6aeesGiFDd8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\IMG_0112.jpg
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3048-0-0x0000000001D70000-0x0000000001D71000-memory.dmp

    Filesize

    4KB

  • memory/3048-1-0x0000000001D70000-0x0000000001D71000-memory.dmp

    Filesize

    4KB