Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

21/01/2025, 08:24

250121-ka7wnavmhr 10

12/06/2024, 04:32

240612-e6ft6a1cmr 10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 04:32

General

  • Target

    MultiHack v1.7/jvm.cfg

  • Size

    4KB

  • MD5

    e9da54c707da4e8ab2306b9f7c5f30ae

  • SHA1

    f229561832df50b9b2bbea74c7234423d9e0a61f

  • SHA256

    76c6dedcc8f51e80c08b8bead23af8168ffa0de26c57e546cefff2f4cf318bcb

  • SHA512

    d1be773d908e4eb1cdb34a3d4b9a4b2c179026711893f81cbbbeb0571388f5d44b0ade12c351e4f81439a7afd5dbfe1445d1bdd142c4c31ccf4d1ddb6ad45931

  • SSDEEP

    96:si28cXGJMpOMRVF4U6Awknpwuwjv3EgYWb8hsqWPMWMrEWBnKvTgWTWekqP3sA7L:pch/K

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d283dcf27c61998e83a69b1f623b664e

    SHA1

    1089cc8048f6543e0021f9ffe2755208071043b5

    SHA256

    82ea58d5cf09b8c39bcb6699737dbd8856265c772a8ec15888a936818f1c8901

    SHA512

    8e1c628ff280b8bce71f3aff683f59a646a0b94cda49f81e131c512cc617a60d9ac5c0fda3c2f8251746085b880dd922b9d1659ff87625a952edadc412137576