Resubmissions

05/04/2024, 21:46

240405-1mqqxaec37 7

05/04/2024, 21:45

240405-1l47xadg2w 3

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/04/2024, 21:46

General

  • Target

    oblivion/x64/Debug/vc142.pdb

  • Size

    1.1MB

  • MD5

    1f6e56db86dcdc9560e134d0d53d7aff

  • SHA1

    13e4cdf95fd93641aa34a4ae354bf762d0b748b4

  • SHA256

    56240847b5c2ab14d9a6a7f49e18925067192c5caa6bf34a7e0a05d3b6ccf427

  • SHA512

    0ad8f8de4b3afde57a213b9f6477ab2dd9237a47a13c0032b2cc0cedc81bc31cf7f263a3cc2f816dac4e8b12d18746ea61482a4994e7fa0c60d58b6d6a0794af

  • SSDEEP

    24576:D31mwSV6rCJMEnhYJykEetKh+XmY1n9XJrLFwtYu:s

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2616

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d0dcc701fb910eb4814f764606e9f080

    SHA1

    5c304aabc30311e2309aab4f704a89f7ad38b82e

    SHA256

    84f87c4724353d3c0647afc4510a7ce53934e660c4053390420889407c9eb8dc

    SHA512

    622e88651c23b45638a7c6566b426a2176774f55d990f85d6f980589261699921bf0659906721e3ccfb9723b9f872b1a1716804ee18a4ef61b71327cc17cceee