Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
09/04/2024, 15:57
General
-
Target
WFWinXpGf_m-1.0.1.xpgf
-
Size
514.9MB
-
MD5
6f7a8ec78eea8fa6c78d3bc88eeab97f
-
SHA1
adba08e07ee495bc5376480a49f4c831c4aee78b
-
SHA256
6f9cc7c6fbb7c8349d4eb67b242acbb7ebe23d44423282c8a3ea04386d0a6526
-
SHA512
5a05e155ea5d81f28d8ee3f0d11ccf488f540e47e47c21d154984990d25a7ee118279807791fe2630ccc7c47a2e7e9b8a7359b1ef24d062bd8c60d846dba88f0
-
SSDEEP
12582912:f0pexr3FXJPX7N/DtPSp5A1BUcyPY+lz6OxFJW:SexrHrpxQ5MBuluOBW
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\WFWinXpGf_m-1.0.1.xpgf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\WFWinXpGf_m-1.0.1.xpgf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\WFWinXpGf_m-1.0.1.xpgf"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5fa71740f574af8c4b62a204939a0b852
SHA1cd98d528eb96e6db62f29e9df8495a2389b146e7
SHA25624f7f26bfb0374a2065c0f2ecbf0c91b2e5fbc8f09925312dc2b33bb5ac56423
SHA512012ceb9ca600d9f0840bbfe85e648419ac81df2164ce663ac30a6e993b50023920f2e85392b0235357c53865ffd24cd9d01023a8908b412eac3b35a35aff1296