Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/05/2024, 14:46

General

  • Target
    ForwardedMessage.eml
  • Size
    299KB
  • MD5
    9853f0d353200237d8fada1affe0a7a9
  • SHA1
    198d7ff37fe4b584acefc2ba5abccdc81ea6ac7e
  • SHA256
    79abbda9d182f7a710bf6365bfc4ed50fc7669c7840c9593c8d663a6d059db06
  • SHA512
    89cd7db70587b16927ef36c9b8e8e26913ddad3825a1b2c57fc7002c0d3e9038ebc6820c91ab23719ad8a3b5d9e7c5975f855fbc633a99216119baf4fda0a802
  • SSDEEP
    1536:xPXbOrvLPqsohfWcT2kvFxhR1WRFxsYOEvAvBhg9qDFe+emfjr9i7nU0I1GsoIWM:xPX2vLDJ6YQj8UlJ4DS

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\ForwardedMessage.eml"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize: 235KB
    MD5: 2c015385399d909cdf2f4cb4a8caceb4
    SHA1: 29e6358c93d8f8948bfed3d92ab5ed25048c9fa1
    SHA256: b2239381139be8229dfdae07fae60298125f283cb3bfcffd2b3c710cc8f65019
    SHA512: 1bb375af24ece4e745dbbc9613ea50a67eb62aec4d28ca03db36d94a5fc8613aaf57670078de6f91958b0d033fdc32dc924115b94464012b8b1441cbd64c725b

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize: 240KB
    MD5: 6af62ed172bda68300b7786c6c000943
    SHA1: 54c5509aedbb316636beebc0e216272b52ed7dfb
    SHA256: f1510028385b426cfbc586dcb7840396becd4f1938095c42fa2661d5511452fc
    SHA512: 619ce52af6d3c2910a9eb10f48f531e068b742497737c771b4aa16a2a81f556bdf7b6c89089060af1c9692b6c501982743f1d3cc4fe5e4935d8e1d54d98fc98e

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize: 1KB
    MD5: 48dd6cae43ce26b992c35799fcd76898
    SHA1: 8e600544df0250da7d634599ce6ee50da11c0355
    SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
    SHA512: c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

  • memory/3024-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB

  • memory/3024-1-0x000000007319D000-0x00000000731A8000-memory.dmp
    Filesize: 44KB

  • memory/3024-124-0x000000007319D000-0x00000000731A8000-memory.dmp
    Filesize: 44KB