
Analysis

  • max time kernel
    1388s
  • max time network
    1390s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/06/2024, 22:42

General

  • Target

    313132.png

  • Size

    77KB

  • MD5

    eaf3bd7218655fd134b03e2780176efa

  • SHA1

    86c28181cd4d7eb4ee99cdb1f461e74a4cef19cd

  • SHA256

    a1020b2a2ef36a2830603e9b088eafc04bd9fe976f51879bfee49d9d68bc7de5

  • SHA512

    4c1f49003acce774d6164a45cfbe13d681b27570790cd73b223166335f235ddebccc57c54074b4716f12614e29e9de4f3dc7e3802e3409e56ebd7342dd28b2b5

  • SSDEEP

    1536:CroZ+W1AURecTEw5WvyAbAboRLT81gSp29fTrV+:P1AcecLWvyAbAoLTCgSQ9PV+

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\313132.png
    PID:4200
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    PID:1532
  • C:\Windows\System32\oobe\UserOOBEBroker.exe
    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
    Signature: Drops file in Windows directory
    PID:2820
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
    PID:1296

Network

MITRE ATT&CK Enterprise v15
