Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/04/2024, 04:38

General

  • Target

    citra-windows-msvc-20240303-0ff3440\README.md

  • Size

    4KB

  • MD5

    3f14e4056fe49b06f75d60c06fa041d2

  • SHA1

    8d920d16819ae470e6c854f8f60478944b687242

  • SHA256

    1466a825150c613267d8ab061e6e729256562c2bdc65c1eeb6620028b1e975da

  • SHA512

    8dd50389b1ea7216412bffea80b4116b8f84b35958e36457b8f71a0d0b729a5314efe9f44811573935950425abd66ed0da130440aae637c254a0b4938162c1d3

  • SSDEEP

    96:cIMJzZyxzdjGnivgqvb5whcWlxbvoR8pIcbxubZvVUOYy:c2zdqnivD9DUIcbxubZtUO3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2732
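
The process tree above is the Windows "Open With" path: `cmd /c` is handed a `.md` file, the Win7 image has no handler registered for that extension, so Explorer raises the Open With dialog via `rundll32.exe shell32.dll,OpenAs_RunDLL`, and the analyst's choice (Adobe Reader) becomes the grandchild. That is why `rundll32.exe` and `WriteProcessMemory` appear in the signatures of a benign README. The following is an added example, not code from tria.ge or from the Citra project: it parses a process list shaped like this tree, walks each process's ancestry, and separates this documented Open With pattern from rundll32 invocations that deserve attention (a `javascript:` argument, or a DLL loaded from outside the system directories). The three command lines for PIDs 3020/2628/2732 are copied from the report; PIDs 4100 and 4101 and their command lines are constructed for contrast and do not appear on this page.

```python
import ntpath
import re

# Constructed sample: the three command lines from the process tree above with the
# PID/parent PID relationships the report shows, plus two hypothetical rundll32
# invocations (PIDs 4100 and 4101, NOT from the report) used only for contrast.
SAMPLE_PROCESSES = [
    {"pid": 3020, "ppid": 0,
     "cmd": r'cmd /c C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md'},
    {"pid": 2628, "ppid": 3020,
     "cmd": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md'},
    {"pid": 2732, "ppid": 2628,
     "cmd": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\citra-windows-msvc-20240303-0ff3440\README.md"'},
    # hypothetical lines, constructed for this example
    {"pid": 4100, "ppid": 3020, "cmd": r'rundll32.exe C:\Users\Admin\AppData\Local\Temp\upd.dll,Start'},
    {"pid": 4101, "ppid": 3020, "cmd": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert(1)'},
]

# Directories from which rundll32 loading a DLL is unremarkable on a 64-bit Windows image.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def split_cmd(cmd):
    """Split a Windows command line into tokens, keeping quoted paths (with spaces) intact."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def classify_rundll32(cmd):
    """Return a verdict string for a rundll32 command line, or None if it is not rundll32."""
    tokens = split_cmd(cmd)
    if not tokens or ntpath.basename(tokens[0]).lower() != "rundll32.exe":
        return None
    if len(tokens) < 2:
        return "review: rundll32 with no DLL argument"
    arg = tokens[1]
    # rundll32 accepts a javascript: URL and executes it through mshtml
    # (MITRE ATT&CK T1218.011, System Binary Proxy Execution: Rundll32).
    if arg.lower().startswith("javascript:"):
        return "suspicious: rundll32 javascript: protocol handler"
    dll, _, entry = arg.partition(",")          # rundll32 syntax is <dll>,<export> [args]
    dll_dir = ntpath.dirname(dll).lower()
    dll_name = ntpath.basename(dll).lower()
    # shell32!OpenAs_RunDLL is the "Open With" dialog Explorer raises when the file
    # extension has no registered handler; the next token is the file being opened.
    if dll_name == "shell32.dll" and entry.lower() == "openas_rundll":
        target = tokens[2] if len(tokens) > 2 else "<no target>"
        return "benign: Open With dialog for " + target
    if dll_dir == "":
        return "review: DLL given by bare name (resolved by search order): " + dll_name
    if dll_dir not in SYSTEM_DIRS:
        return "suspicious: DLL outside the system directories: " + dll
    return "review: " + dll_name + "!" + (entry or "<default entry>")


def process_chain(processes, pid):
    """Walk parent links from pid up to the root and return the image names root-first."""
    by_pid = {p["pid"]: p for p in processes}
    chain = []
    while pid in by_pid:
        chain.append(ntpath.basename(split_cmd(by_pid[pid]["cmd"])[0]))
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def triage(processes):
    """Map each rundll32 PID to (ancestry string, verdict)."""
    results = {}
    for p in processes:
        verdict = classify_rundll32(p["cmd"])
        if verdict is not None:
            results[p["pid"]] = (" -> ".join(process_chain(processes, p["pid"])), verdict)
    return results


if __name__ == "__main__":
    for pid, (chain, verdict) in triage(SAMPLE_PROCESSES).items():
        print(pid, chain, verdict)
```

For the report's own lines this yields one benign verdict for PID 2628 (`cmd -> rundll32.exe`, Open With dialog for the README) and nothing for `cmd` or `AcroRd32.exe`; the two constructed lines come back as suspicious. The "Modifies registry class" signature on PID 2628 is consistent with the same dialog, which records the chosen handler for the extension under the user's file-association keys, but that is inferred from the command line, not shown by the report.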

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2f76f92778cd154310ee3fb6c74502b4

    SHA1

    9921c5b32b348416f169f8b41d2d9b18d0b5ce31

    SHA256

    220617373b0827c7b35263160a1f0c09c3a8a87a6bde4884a3f5be785dee085f

    SHA512

    2e415da21bae5408efb80bc8da56e9fdb89dc47ef42f3c3e5e4323106279b1747e6f4532a0cbbc5188102058843b679f9067f4b79a4599d4a45d921404b796ca