Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25/06/2024, 10:19
General
-
Target
Istoriya Rossii Part1.jad
-
Size
197KB
-
MD5
423201f44efed6a28b970034fd5d2693
-
SHA1
e5d413ce31a2cc1ab2a3bd7e0fe986cf8741809c
-
SHA256
0b4a23cfc2067010b731f4f55d2c19931614467aa3f9b0dbfe13d4086af2c65a
-
SHA512
195c9ae05a5f6c8cdfd441e7247f7dc1920aa456800905805865fbabbed0e3e267b133880c0b69bbb8994aed4218662e94d3fbf38288267f89b62f920cfc53ff
-
SSDEEP
6144:zZOgO2nAo9pFvAcCsYaiOVatQdqLf6ZPtx680Yf:zZE2nASNCsYaitt8qLEf6xYf
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Istoriya Rossii Part1.jad"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Istoriya Rossii Part1.jad2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Istoriya Rossii Part1.jad"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5495128a5488ebabbaca05054b3b463d5
SHA1c85656a41e920fdc5eea3b5c02bcc0a2b5f35f49
SHA256b12370ad459709bb67c808e94d3023c6f0ad6b3eb1b879f09702420b85bbbb6f
SHA512f043325543563007d336bfec653f60f10b53161b89d493d6619addba4d9b2d9fbc1e5533fe0f4f292b57250e98e1546ca16d783582b22dd16b95a90edb57b7fd