Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

FoxiWare W...rt.rar

windows7-x64

3

FoxiWare W...rt.rar

windows10-2004-x64

7

foxiwareW11.exe

windows7-x64

1

foxiwareW11.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/04/2024, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FoxiWare W11 Support.rar

  • Size

    682KB

  • MD5

    6dde9d167b55c0945de83eb8b518e75d

  • SHA1

    463dfa8f5c6dd774cc05f9ca0cbb6e3d7c981218

  • SHA256

    bcc9b82f4b261b15c94e811e3375734b568412b81ae90e5a3ed5a823e8ba9b79

  • SHA512

    1852d44fe1ec0db03a76f3c665f82a171cbde3a19f467254239acb214e68fec9dfdcb7db0e6acabc8505402940a4d6b907f7ef18ece0fd38571142db9a62e306

  • SSDEEP

    12288:zq+PSawQjRvM8ZJxbYLVMUzZ+GxfamFjY/RSSjiV9dMMkc5u:eTO5YLVMUImJuRsVJkr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\FoxiWare W11 Support.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FoxiWare W11 Support.rar
      2⤵
      • Modifies registry class
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads