Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Battly-Lau...ws.exe

windows7-x64

7

Battly-Lau...ws.exe

windows10-2004-x64

7

resources/...r.json

windows7-x64

3

resources/...r.json

windows10-2004-x64

3

resources/...NSE.md

windows7-x64

3

resources/...NSE.md

windows10-2004-x64

3

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...ICENSE

windows7-x64

1

resources/...ICENSE

windows10-2004-x64

1

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...icense

windows7-x64

1

resources/...icense

windows10-2004-x64

1

resources/...icense

windows7-x64

1

resources/...icense

windows10-2004-x64

1

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...icense

windows7-x64

1

resources/...icense

windows10-2004-x64

1

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...ICENSE

windows7-x64

1

resources/...ICENSE

windows10-2004-x64

1

resources/...e.json

windows7-x64

3

resources/...e.json

windows10-2004-x64

3

resources/...ICENSE

windows7-x64

1

resources/...ICENSE

windows10-2004-x64

1

Analysis

  • max time kernel
    12s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app/node_modules/color-convert/package.json

  • Size

    451B

  • MD5

    8eeea2a6b7ba5169c33b486cad10ec3b

  • SHA1

    0e7b68e149e158306402e46aa17a06699ac79c33

  • SHA256

    5a56bf5ce5ddd347644a5e7804435e583742717221d1c7024c75de766214c8f7

  • SHA512

    9c505db029e4466ed62e5e69d70a7d6bb538aaeb8289c7642373e9c33af5f46cbedb6c3125ab28bb46b5ea89b56aedc6ba6b824db1eddad5f830a66d56d64efc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\color-convert\package.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\color-convert\package.json
      2⤵
        PID:2620
        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\color-convert\package.json"
          3⤵
            PID:1876

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
        Filesize

        3KB

        MD5

        93113f4c63190c76d392b26e43304966

        SHA1

        9f1323990954237401b01e3a892d57f4a10330cb

        SHA256

        f0c5535814fd559ccb27c02203d0495594535024b414d15bdb0bf9d8b8e9a371

        SHA512

        36a7146e2beaa377b29690ba6552ca59a5ceddd8e0ab3c0ddb93a76b43355a9f40f9f273d2a0c0004986bf09c73c457128e339fc6811d322dc9cd1d1efffe963

        Download Submit