Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Software_1.30.1.rar

windows7-x64

3

Software_1.30.1.rar

windows10-2004-x64

7

Debug/Addition.dll

windows7-x64

1

Debug/Addition.dll

windows10-2004-x64

1

Debug/Autoupdater.ini

windows7-x64

1

Debug/Autoupdater.ini

windows10-2004-x64

1

Debug/Cracker.dll

windows7-x64

1

Debug/Cracker.dll

windows10-2004-x64

1

Debug/DebugPPF.tmp

windows7-x64

3

Debug/DebugPPF.tmp

windows10-2004-x64

3

Debug/DebugPPT.tmp

windows7-x64

3

Debug/DebugPPT.tmp

windows10-2004-x64

3

Debug/Helper.dll

windows7-x64

1

Debug/Helper.dll

windows10-2004-x64

1

Debug/Management.log

windows7-x64

1

Debug/Management.log

windows10-2004-x64

1

Debug/Resource.dll

windows7-x64

1

Debug/Resource.dll

windows10-2004-x64

1

Debug/main.ini

windows7-x64

1

Debug/main.ini

windows10-2004-x64

1

Language.pimx

windows7-x64

3

Language.pimx

windows10-2004-x64

3

Main.ini

windows7-x64

1

Main.ini

windows10-2004-x64

1

Packaged/Main.xml

windows7-x64

1

Packaged/Main.xml

windows10-2004-x64

1

Packaged/Resource.dll

windows7-x64

1

Packaged/Resource.dll

windows10-2004-x64

1

Packaged/Utils.xml

windows7-x64

1

Packaged/Utils.xml

windows10-2004-x64

1

Software_1.30.1.exe

windows7-x64

10

Software_1.30.1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    26/04/2024, 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Debug/DebugPPT.tmp

  • Size

    11KB

  • MD5

    4969578a5fd8d113ab7783812849c1ed

  • SHA1

    580f84362a74337b2ed25bd58700e9a002e51bc9

  • SHA256

    9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0

  • SHA512

    49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef

  • SSDEEP

    192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Debug\DebugPPT.tmp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Debug\DebugPPT.tmp
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Debug\DebugPPT.tmp"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ea4b1f383e97980c4bd66cb42716954a

    SHA1

    9cd2109530508cd6957ef5d63978d3a49dc13c10

    SHA256

    b307990810dbaabf569417d5dccd5f939520a9e6291ca26df042570b54823699

    SHA512

    b98151a3292cc9549c50abbfd9a29c3339ee73bda9429849c5546122452a2282e9d52d40bf34e91aa3e1756320734d683b878162b6263ef75ff3d4cf007b1c4b

    Download Submit