Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

26/04/2024, 07:52 UTC

240426-jqc6jscb3x 1

26/04/2024, 07:48 UTC

240426-jm6npaca94 3

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    26/04/2024, 07:48 UTC

General

  • Target

    ChatSentinel/blacklist.yml

  • Size

    7KB

  • MD5

    0a8d0a3052ae7ac9f36a7472fd848d74

  • SHA1

    746677f4c0e5edb88ec4d3f65f7dcb56d0593a08

  • SHA256

    29588bb74610c517dff9659b8e132c52ee487c3f6a9a7b2a1a07cc91a3931916

  • SHA512

    393d245b0b2544f347fdea6265a661c8e483f88cf6d6db642384c4a2c3e0aaa38403faa62d0d80a5688e25cb7da3ecbedb7d5d9734665b13c1d6d6acc5384449

  • SSDEEP

    96:ajMpwK8wj5d5to2qcOdyHmhR6HXIFbzAjn/jP9IKlT6:ajMpwK8wBt8JR64xAFVlT6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ChatSentinel\blacklist.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ChatSentinel\blacklist.yml
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ChatSentinel\blacklist.yml"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c0053b78c94abbf3b4974a8098152115

    SHA1

    4acff28a86b7b27305de9c96626955b493cd9985

    SHA256

    51044225ce5778aafc9bf39d8e77a1613289dc2eb40f7527f188fca85bed5067

    SHA512

    1eb1a80a407479c05cebe78b1558166d208c61f9e00cb7c6760ef8d92662ef0081f8062287432cd17dbed6c2efd728d7761e9e6f8d762bed90f0b31c44d54dbe
