Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/06/2024, 07:44

General

  • Target

    cinerotique_mod_scripts/add_tag_elements.pyc

  • Size

    3KB

  • MD5

    8ba0af0008484613b971a4abf5778858

  • SHA1

    92031a8c306e84dcfeb09e48679780091ae8c449

  • SHA256

    adaaccd543379b93a7b48729ef3fa9675c4e4a5f0aa6f7b059e84059552b5112

  • SHA512

    a7d16d60a02bcc0744e8ec411a7b168937ef6c864e9de3b93fa9719f7fbeb8da33a9c25c77278523da2bdf2ade3ae2f3f5ae978e13bb61d2c0e8841eb9493506

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\add_tag_elements.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\add_tag_elements.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\add_tag_elements.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0406a72c4b31b201dedbd1dc4387571b

    SHA1

    7ad4209548f3ab01b874286b2a9cb41deff82622

    SHA256

    fc61556712896fdeb6fccbda0f764f36e69c71dbe9fa014f08596d693c7993f1

    SHA512

    b7e23a536e71e3922f8431dff95f887ad5c5d36e7e48fda37cda4fa0e2dc29e01476d126624d9d46eb8584694b8ca7e2a0fa0d299ba5bc0410037a5fb8a395bb