Resubmissions

20/06/2024, 03:53

240620-efl89a1hmp (Windows 7)

Analysis

  • max time kernel
    123s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/06/2024, 03:53

General

  • Target

    MegaHackInstaller/translations/qt_ar.qm

  • Size

    156KB

  • MD5

    257bce0d43476ff6548f7d9d2c3a5809

  • SHA1

    3d7b581860c381fc5644f739850f4c126f27838d

  • SHA256

    c14ebfaa0fecb341b43ed2179df9372d27ad20a15bafb9f5403d57838ae1d88a

  • SHA512

    051c71e4d105b082d169c5b57d2b6cfc093d174a649a0b4d42fd226b808c9fedb51a8ced6d5cb5db7f4fcce29419ec068d473b7ff7b8e15b9f8a82d32b73be00

  • SSDEEP

    1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzLKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf16btw3Bb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MegaHackInstaller\translations\qt_ar.qm
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MegaHackInstaller\translations\qt_ar.qm
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1916
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MegaHackInstaller\translations\qt_ar.qm"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    b86132fca9d5caf57ad4397ccacfd2e5

    SHA1

    ddc57d7484738a07b409c6d6b950012ad33e9db1

    SHA256

    89f083dd9c1f32d55954d070d555db3cf4f7e2bff3c37e9c07d90596118a9dc2

    SHA512

    0974e6a2c7495a9c1a9f309c009905bbcbc71f31cfdc97e90d9ed533ce0bbdc9e0062024b6c6e8683d724494fb5e466f11bace0b0ed424a504851329081c720f