Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3MultiHack v1.7.zip
windows7-x64
1MultiHack v1.7.zip
windows10-2004-x64
1MultiHack ...er.exe
windows7-x64
7MultiHack ...er.exe
windows10-2004-x64
10MultiHack ...ME.txt
windows7-x64
1MultiHack ...ME.txt
windows10-2004-x64
1MultiHack ...vm.cfg
windows7-x64
3MultiHack ...vm.cfg
windows10-2004-x64
3MultiHack ...sy.txt
windows7-x64
1MultiHack ...sy.txt
windows10-2004-x64
1MultiHack ...ap.txt
windows7-x64
1MultiHack ...ap.txt
windows10-2004-x64
1MultiHack ...ns.txt
windows7-x64
1MultiHack ...ns.txt
windows10-2004-x64
1MultiHack ...st.txt
windows7-x64
1MultiHack ...st.txt
windows10-2004-x64
1MultiHack ...ts.txt
windows7-x64
1MultiHack ...ts.txt
windows10-2004-x64
1MultiHack ...ds.txt
windows7-x64
1MultiHack ...ds.txt
windows10-2004-x64
1MultiHack ...nu.txt
windows7-x64
1MultiHack ...nu.txt
windows10-2004-x64
1MultiHack ...ns.txt
windows7-x64
1MultiHack ...ns.txt
windows10-2004-x64
1MultiHack ...ts.txt
windows7-x64
1MultiHack ...ts.txt
windows10-2004-x64
1MultiHack ...ut.txt
windows7-x64
1MultiHack ...ut.txt
windows10-2004-x64
1MultiHack ...da.txt
windows7-x64
1MultiHack ...da.txt
windows10-2004-x64
1MultiHack ...le.txt
windows7-x64
1MultiHack ...le.txt
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 04:32
Static task
static1
Behavioral task
behavioral1
Sample
MultiHack v1.7.zip
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
MultiHack v1.7.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
MultiHack v1.7/Loader.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
MultiHack v1.7/Loader.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
MultiHack v1.7/README.txt
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
MultiHack v1.7/README.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
MultiHack v1.7/jvm.cfg
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
MultiHack v1.7/jvm.cfg
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
MultiHack v1.7/scripts/actbusy.txt
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
MultiHack v1.7/scripts/actbusy.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
MultiHack v1.7/scripts/actremap.txt
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
MultiHack v1.7/scripts/actremap.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
MultiHack v1.7/scripts/audio_options.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
MultiHack v1.7/scripts/audio_options.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
MultiHack v1.7/scripts/bonus_maps_manifest.txt
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
MultiHack v1.7/scripts/bonus_maps_manifest.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
MultiHack v1.7/scripts/bugreporter_defaults.txt
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
MultiHack v1.7/scripts/bugreporter_defaults.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
MultiHack v1.7/scripts/chapterbackgrounds.txt
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
MultiHack v1.7/scripts/chapterbackgrounds.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
MultiHack v1.7/scripts/clientmenu.txt
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
MultiHack v1.7/scripts/clientmenu.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
MultiHack v1.7/scripts/controller_options.txt
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
MultiHack v1.7/scripts/controller_options.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
MultiHack v1.7/scripts/credits.txt
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
MultiHack v1.7/scripts/credits.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
MultiHack v1.7/scripts/damagecutout.txt
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
MultiHack v1.7/scripts/damagecutout.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
MultiHack v1.7/scripts/damagecutout_ceda.txt
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
MultiHack v1.7/scripts/damagecutout_ceda.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
MultiHack v1.7/scripts/damagecutout_female.txt
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
MultiHack v1.7/scripts/damagecutout_female.txt
Resource
win10v2004-20240508-en
General
-
Target
MultiHack v1.7/jvm.cfg
-
Size
4KB
-
MD5
e9da54c707da4e8ab2306b9f7c5f30ae
-
SHA1
f229561832df50b9b2bbea74c7234423d9e0a61f
-
SHA256
76c6dedcc8f51e80c08b8bead23af8168ffa0de26c57e546cefff2f4cf318bcb
-
SHA512
d1be773d908e4eb1cdb34a3d4b9a4b2c179026711893f81cbbbeb0571388f5d44b0ade12c351e4f81439a7afd5dbfe1445d1bdd142c4c31ccf4d1ddb6ad45931
-
SSDEEP
96:si28cXGJMpOMRVF4U6Awknpwuwjv3EgYWb8hsqWPMWMrEWBnKvTgWTWekqP3sA7L:pch/K
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file\shell\Read\command rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\.cfg rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file\shell rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file\ rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\.cfg\ = "cfg_auto_file" rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\cfg_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2524 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2524 AcroRd32.exe 2524 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2824 wrote to memory of 2660 2824 cmd.exe 29 PID 2824 wrote to memory of 2660 2824 cmd.exe 29 PID 2824 wrote to memory of 2660 2824 cmd.exe 29 PID 2660 wrote to memory of 2524 2660 rundll32.exe 30 PID 2660 wrote to memory of 2524 2660 rundll32.exe 30 PID 2660 wrote to memory of 2524 2660 rundll32.exe 30 PID 2660 wrote to memory of 2524 2660 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"1⤵
- Suspicious use of WriteProcessMemory
PID:2824 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2660 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2524
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5d283dcf27c61998e83a69b1f623b664e
SHA11089cc8048f6543e0021f9ffe2755208071043b5
SHA25682ea58d5cf09b8c39bcb6699737dbd8856265c772a8ec15888a936818f1c8901
SHA5128e1c628ff280b8bce71f3aff683f59a646a0b94cda49f81e131c512cc617a60d9ac5c0fda3c2f8251746085b880dd922b9d1659ff87625a952edadc412137576