Resubmissions

09/04/2024, 22:11 UTC

240409-131wtaea38 8

09/04/2024, 21:43 UTC

240409-1k5r2scg65 7

09/04/2024, 21:18 UTC

240409-z5mxasbe59 7

06/04/2024, 10:55 UTC

240406-mz7nashc59 8

06/04/2024, 10:41 UTC

240406-mrjaqsgd6z 7

Analysis

  • max time kernel
    1184s
  • max time network
    1220s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/04/2024, 21:18 UTC

General

  • Target

    $PLUGINSDIR/app-64.7z

  • Size

    69.5MB

  • MD5

    d69a8e4836dc74e3df52a4be7ce897d7

  • SHA1

    86960d11064df344292bc656f87a889bc270f526

  • SHA256

    b65b350aca339edcef90ee56996ff4b9e2b423e7fc62333de675b016c109bd83

  • SHA512

    de0d2d21f27828122ac0a6be60b554580aa0c12c1e6762b3f00f77a43c64f38edce62dfe6e7b30656b859886e918b26a2e2d34c6358c8c51c03287b56dea4f2b

  • SSDEEP

    1572864:w85PaKHmqV6kLdNjObU5LwsagSbZFgagYjhSuyDV09ar6:XPaq1VddNaAwsa3bjhHyh09am

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2460

Network

MITRE ATT&CK Enterprise v15
