Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/04/2024, 21:46
General
-
Target
oblivion/x64/Debug/vc142.pdb
-
Size
1.1MB
-
MD5
1f6e56db86dcdc9560e134d0d53d7aff
-
SHA1
13e4cdf95fd93641aa34a4ae354bf762d0b748b4
-
SHA256
56240847b5c2ab14d9a6a7f49e18925067192c5caa6bf34a7e0a05d3b6ccf427
-
SHA512
0ad8f8de4b3afde57a213b9f6477ab2dd9237a47a13c0032b2cc0cedc81bc31cf7f263a3cc2f816dac4e8b12d18746ea61482a4994e7fa0c60d58b6d6a0794af
-
SSDEEP
24576:D31mwSV6rCJMEnhYJykEetKh+XmY1n9XJrLFwtYu:s
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Debug\vc142.pdb"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5d0dcc701fb910eb4814f764606e9f080
SHA15c304aabc30311e2309aab4f704a89f7ad38b82e
SHA25684f87c4724353d3c0647afc4510a7ce53934e660c4053390420889407c9eb8dc
SHA512622e88651c23b45638a7c6566b426a2176774f55d990f85d6f980589261699921bf0659906721e3ccfb9723b9f872b1a1716804ee18a4ef61b71327cc17cceee