Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

nokia s40/Micat.jad

windows7-x64

3

nokia s40/Micat.jad

windows10-2004-x64

3

nokia s40/Micat.jad

windows7-x64

3

nokia s40/Micat.jad

windows10-2004-x64

3

nokia s40/...��.url

windows7-x64

1

nokia s40/...��.url

windows10-2004-x64

1

000Micat.exe

windows7-x64

3

000Micat.exe

windows10-2004-x64

7

000Micat.exe

windows7-x64

3

000Micat.exe

windows10-2004-x64

7

咪客适�...��.xls

windows7-x64

1

咪客适�...��.xls

windows10-2004-x64

1

索爱k750...at.jad

windows7-x64

3

索爱k750...at.jad

windows10-2004-x64

3

索爱k750...at.jad

windows7-x64

3

索爱k750...at.jad

windows10-2004-x64

3

索爱k790...at.jad

windows7-x64

3

索爱k790...at.jad

windows10-2004-x64

3

索爱k790...at.jad

windows7-x64

3

索爱k790...at.jad

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nokia s40/Micat.jad

  • Size

    4KB

  • MD5

    8853ed1066ea35662e78018374b288c4

  • SHA1

    4ff3e71ed0f5c2eef983c5dfcfab3ab63041b5e4

  • SHA256

    1e33922f9e704fd7ee09a24455ac8760642b06157487f7742042951af4487762

  • SHA512

    f5142e49cfed0a27aa92adcefaf669f389b179f8a9e0c60b87e7fec2d801d2390455e6f22f26c291fa11318943eaf0c6146daa940004742af2a0622da60d07c3

  • SSDEEP

    96:Wk08mo30FIgDFwIJ9armT0DA8SFwIb34/bKVU21fnXCvNjsX:uNOgDFwIJ9armgDA8SFwIb3wbKDFus

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\nokia s40\Micat.jad"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\nokia s40\Micat.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\nokia s40\Micat.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    651de3a446f085a45d902c3b67dcb56f

    SHA1

    3c02fc87ae0e6542b543f978f2cdbd9a109b5560

    SHA256

    a81dc4b7e9ac606b06250bc99c62dda959938ccd816c5e205cacc7648607dd03

    SHA512

    58924d3f7a90f81f9954c5afa766c6d944559f7da675de631cb10fd30b4ebf3dee544d0b23e9fa55a74a028e413427608ea3d08808360ec73bf28410f0ebae6e

    Download Submit