Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
17/10/2024, 21:38
241017-1hdksa1cml 303/09/2024, 13:46
240903-q3d2yazbmf 303/09/2024, 13:46
240903-q2zbgszblf 322/05/2024, 13:06
240522-qb91asce4s 308/05/2024, 20:44
240508-zh7m7aef4y 325/04/2024, 19:41
240425-yebkxadh96 824/04/2024, 20:10
240424-yx2j2sgg57 824/04/2024, 20:09
240424-yxmqwsgf71 324/04/2024, 20:03
240424-ysxejage8z 3Analysis
-
max time kernel
1558s -
max time network
1564s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/04/2024, 20:09
General
-
Target
Monoxide.aps
-
Size
144KB
-
MD5
f7d3cae315be90f7dbfdff123067b6ef
-
SHA1
a565254c22714b5fa19f2a8e80f99a3e0dadeae1
-
SHA256
84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3
-
SHA512
cc1b98aa943dd9b90efb676d2c9b16a8c099959d8cc3da58da8da870557f3a624515fc88f4b8bbac6ff6b98bb2a0311d893a66c1347817a75196d370981be755
-
SSDEEP
768:S5N5N5NSrpWeq6LOrrrzzzz7DDDHjjjIWbi9E3AAq/L9YO3Iz:S3336DWbi9E3AAqDI
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Monoxide.aps1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Monoxide.aps2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-