Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
3New folder (10).rar
windows7-x64
3New folder (10).rar
windows10-2004-x64
3New folder...ic.exe
windows7-x64
3New folder...ic.exe
windows10-2004-x64
3New folder...lo.lua
windows7-x64
3New folder...lo.lua
windows10-2004-x64
3New folder...ec.lnk
windows7-x64
3New folder...ec.lnk
windows10-2004-x64
3New folder...ce.lnk
windows7-x64
3New folder...ce.lnk
windows10-2004-x64
3New folder...LL.dll
windows7-x64
9New folder...LL.dll
windows10-2004-x64
9New folder...ic.xml
windows7-x64
1New folder...ic.xml
windows10-2004-x64
1New folder...er.txt
windows7-x64
1New folder...er.txt
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
24/06/2024, 20:50
Static task
static1
Behavioral task
behavioral1
Sample
New folder (10).rar
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
New folder (10).rar
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
New folder (10)/Artic.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
New folder (10)/Artic.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
New folder (10)/Scripts/Hello.lua
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
New folder (10)/Scripts/Hello.lua
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
New folder (10)/autoexec.lnk
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral8
Sample
New folder (10)/autoexec.lnk
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
New folder (10)/aworkspace.lnk
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
New folder (10)/aworkspace.lnk
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
New folder (10)/bin/ArticDLL.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral12
Sample
New folder (10)/bin/ArticDLL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
New folder (10)/bin/artic.xml
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
New folder (10)/bin/artic.xml
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
New folder (10)/bin/ver.txt
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
New folder (10)/bin/ver.txt
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
New folder (10)/autoexec.lnk
-
Size
1KB
-
MD5
b19200d719175d4052e4f7e855c6c66f
-
SHA1
a7bf64123aa000e23f7fb5a95a20fb6db6a5d23d
-
SHA256
d9398d3421ef9adc96dd6534f6157ad2498a63cd8ef453d93ec76a15e090a984
-
SHA512
69f9300c06217f6bec6cc5c87b43ec7a1fdca59d9185d9eea2eb1992403bb4643703353064debcc67b7e7284c8a9e0b5c1f26bd11fdba07f393611ceeab0a295
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 33 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 4800310000000000bd588961102041430000360009000400efbeb258cfabc958534f2e000000e7640a000000080000000000000000000000000000001854230141004300000012000000 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000006c58f899120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe6c58e199c958034e2e000000e26c0500000003000000000000000000000000000000eec409014100700070004400610074006100000042000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 9a00310000000000b258cfab1000524f424c4f587e312e524f4200007e0009000400efbeb258cfabc958544f2e000000d3640a00000008000000000000000000000000000000520b9c0052004f0042004c004f00580043004f00520050004f0052004100540049004f004e002e0052004f0042004c004f0058005f00350035006e006d00350065006800330063006d0030007000720000001c000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 5a00310000000000bd58896110206175746f657865630000420009000400efbebd588961bd5898712e000000dc510c00000003000000000000000000000000000000185423016100750074006f006500780065006300000018000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 cmd.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\NodeSlot = "1" cmd.exe Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5000310000000000c958f14e30004c6f63616c003c0009000400efbe6c58e199c958f14e2e000000f66c050000000300000000002c000000000000000000b4fb84004c006f00630061006c00000014000000 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5a00310000000000ba58478e10005061636b616765730000420009000400efbe6c58999ac9588a4e2e000000c5150000000029000000000000000000000000000000bf1ec9005000610063006b006100670065007300000018000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff cmd.exe