Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Cert.zip

windows7-x64

1

Cert.zip

windows10-2004-x64

1

.bash_history

windows7-x64

3

.bash_history

windows10-2004-x64

3

.bash_logout

windows7-x64

3

.bash_logout

windows10-2004-x64

3

.bashrc

windows7-x64

3

.bashrc

windows10-2004-x64

3

.profile

windows7-x64

3

.profile

windows10-2004-x64

3

AAA Certif...es.crt

windows7-x64

1

AAA Certif...es.crt

windows10-2004-x64

1

AC RAIZ FN...OS.crt

windows7-x64

1

AC RAIZ FN...OS.crt

windows10-2004-x64

1

AC RAIZ FNMT-RCM.crt

windows7-x64

1

AC RAIZ FNMT-RCM.crt

windows10-2004-x64

1

ACCVRAIZ1.crt

windows7-x64

8

ACCVRAIZ1.crt

windows10-2004-x64

1

ANF Secure...CA.crt

windows7-x64

1

ANF Secure...CA.crt

windows10-2004-x64

1

Actalis Au...CA.crt

windows7-x64

1

Actalis Au...CA.crt

windows10-2004-x64

1

AffirmTrus...al.crt

windows7-x64

1

AffirmTrus...al.crt

windows10-2004-x64

1

AffirmTrus...ng.crt

windows7-x64

1

AffirmTrus...ng.crt

windows10-2004-x64

1

AffirmTrus...CC.crt

windows7-x64

1

AffirmTrus...CC.crt

windows10-2004-x64

1

AffirmTrus...um.crt

windows7-x64

1

AffirmTrus...um.crt

windows10-2004-x64

1

Amazon Root CA 1.crt

windows7-x64

1

Amazon Root CA 1.crt

windows10-2004-x64

1

Resubmissions

17/06/2024, 07:23 UTC

240617-h73bbszepa 8

17/06/2024, 07:20 UTC

240617-h53t3stfmj 1

17/06/2024, 07:17 UTC

240617-h4dhsszdkg 8

17/06/2024, 06:22 UTC

240617-g49essyaqa 8

Analysis

  • max time kernel
    18s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/06/2024, 06:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .profile

  • Size

    807B

  • MD5

    f4e81ade7d6f9fb342541152d08e7a97

  • SHA1

    2b9ee6d446f8f9ffccaab42b6df5649f749a9a07

  • SHA256

    28b4a453b68dde64f814e94bab14ee651f4f162e15dd9920490aa1d49f05d2a4

  • SHA512

    26544e0b85ca6d7cca3b8ace7d01f712e24020f07b6a6ad54a6942909040221f09bf922a4d0da555ce64ceebb4934b28719a23a0e6401337a69d4a0170bd8e4c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.profile
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.profile
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\.profile"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    9959227715d5d63255e18ab361b4ad1b

    SHA1

    e98c7112f26fa7f4d4c793d3ca9204350ea87c16

    SHA256

    a7418f0f32dc47bf2c73fdcfa0726ccb109b5ceafa3dd59050c3b7aa6c87ee1c

    SHA512

    b7ef1aa25a848777a0b10f941269059a712e16a681fa8a215205f8cd619ec13902e59259e37151cb4313ef440cd57f0f0cb4a4083ef0fcc6e888b9ea9559885c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.