Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/06/2024, 07:44

General

  • Target

    cinerotique_mod_scripts/dlc_pack_tests.pyc

  • Size

    3KB

  • MD5

    086478cce52741bb3b20223fa1c47851

  • SHA1

    1fbd3fc25c7b3c1ab75e569257f61c5246b05fae

  • SHA256

    6d0230f739adb06213c5e39c9810076aec253c64e15767d2e25f87e56d70487a

  • SHA512

    88c1057a84e4caa74acb57f52e228cd7809b77fd1d10aaf55b26aae44651ac71aea3fdc2e844e96888ce64f86babc5f063dae86c337d3d3b4f94e72b4781c991

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\dlc_pack_tests.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\dlc_pack_tests.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cinerotique_mod_scripts\dlc_pack_tests.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2572
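The process tree is worth reading carefully before trusting the score: `cmd /c <file>.pyc` is not an execution of Python bytecode. The Windows 7 image has no handler registered for `.pyc`, so the shell fell through to the Open With dialog (`rundll32 shell32.dll,OpenAs_RunDLL`), and the run ended with Adobe Reader 9 trying to open the file. Every signature above (registry class writes, `SetWindowsHookEx`, `GetForegroundWindowSpam`, the `SharedDataEvents` file under `Downloads`) is Open With and Acrobat noise; nothing in the sample ran. The useful step in that situation is static: check the .pyc header, unmarshal the code object and list what it imports, references and would call. The following is an added example, not tria.ge code and not the submitter's module; the real `dlc_pack_tests.pyc` is not on the page, so a small module is constructed inline to stand in for it. It assumes the 16-byte header CPython has used since 3.7 (magic, flags, then mtime+size or a source hash) and only unmarshals a file whose magic matches the running interpreter, since the marshal format is version-specific.

```python
"""Static triage of a compiled Python module (.pyc). Added example, not
tria.ge code; the sample module below is constructed here because the real
dlc_pack_tests.pyc is not available on the page."""
import dis
import importlib.util
import marshal
import struct
import types

# Constructed stand-in for a "mod script": shells out using a path built
# from the environment, the kind of thing an analyst wants to see up front.
SAMPLE_SOURCE = '''
import os, subprocess

def run_tests():
    target = os.path.join(os.environ.get("TEMP", "/tmp"), "dlc_pack.bin")
    subprocess.call(["echo", target])
    return target
'''


def build_pyc(source: str, filename: str = "dlc_pack_tests.py") -> bytes:
    """Compile source into the 16-byte-header .pyc layout (CPython >= 3.7,
    timestamp-based: magic, flags=0, mtime, source size)."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(source.encode()))
    return header + marshal.dumps(code)


def looks_like_pyc(data: bytes) -> bool:
    """Cheap sanity check: long enough, and the magic ends in CRLF (every
    CPython magic does, which also catches text-mode CRLF mangling)."""
    return len(data) >= 16 and data[2:4] == b"\r\n"


def parse_pyc(data: bytes) -> dict:
    """Parse the header; unmarshal the body only for a magic we can read."""
    if not looks_like_pyc(data):
        raise ValueError("not a CPython .pyc header (assumes the 3.7+ 16-byte layout)")
    magic, flags, field1, field2 = struct.unpack("<4sIII", data[:16])
    info = {
        "magic": struct.unpack("<H", magic[:2])[0],
        "matches_running_interpreter": magic == importlib.util.MAGIC_NUMBER,
        "hash_based": bool(flags & 1),
    }
    if info["hash_based"]:
        info["source_hash"] = data[8:16].hex()
        info["check_source"] = bool(flags & 2)
    else:
        info["mtime"] = field1
        info["source_size"] = field2
    # marshal output is not stable across versions: do not load a foreign pyc
    info["code"] = marshal.loads(data[16:]) if info["matches_running_interpreter"] else None
    return info


def walk_code(code: types.CodeType):
    """Yield the module code object and every nested function/class body."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def summarize(code: types.CodeType) -> dict:
    """Collect the artefacts looked at first: imports, referenced names,
    string constants and the names of all code objects in the file."""
    names, strings, imports = set(), set(), set()
    for co in walk_code(code):
        names.update(co.co_names)
        strings.update(c for c in co.co_consts if isinstance(c, str))
        for ins in dis.get_instructions(co):
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
    return {
        "imports": sorted(imports),
        "names": sorted(names),
        "strings": sorted(strings),
        "functions": [co.co_name for co in walk_code(code)],
    }


if __name__ == "__main__":
    info = parse_pyc(build_pyc(SAMPLE_SOURCE))
    print({k: v for k, v in info.items() if k != "code"})
    print(summarize(info["code"]))
    dis.dis(info["code"])  # full listing when the summary is not enough
```

On a real sample the magic will usually not match the analysis host; the script then still reports the version magic and header fields, and the unmarshal step has to be repeated under a matching interpreter (or a multi-version decompiler) rather than forced.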

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    86960ef2dd8f6e535de73ff0fa300052

    SHA1

    2d1d7e1f9ae8ae792768cac93a52e71e6f85a6b8

    SHA256

    6aebdeed3c9769c750fbc08c2b04b28099b05975bba89fe213fc9e27ff541c64

    SHA512

    ddbad8618e3027bc00659c5dc51de99f6735fd6098a017c14ec80d2b2edf52db5d0933d55495e55352c0cda30488142dcdc47e655f07c3e8d57e592fc0d68d44