Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    295s
  • max time network
    317s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 10:17

General

  • Target

    Neo/LuminarNeoSetup-2.bin

  • Size

    664.7MB

  • MD5

    2228749f99e227228cba73c286da66cb

  • SHA1

    32d9546d5f0d319999ff438b05543331f1523dd9

  • SHA256

    f42b757466fcdecfe579d77ecad12992190dda3a0beea04b975afbd5423176c1

  • SHA512

    7047123d41c86ba284e04e11f1ee97268f338a96dc3e593525c69dcedb0139c7c0fd63c1a4920dec5b92461125be53beba465484da58e442d500c860d448fb84

  • SSDEEP

    12582912:c/kDG6r1eqQCzzfbzWvgoRmJqW2yh2bpnUGFXcFF1EZBBSfid96wrQViS:4T6ZpzzDz1oR2IdNtXGEcifO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Neo\LuminarNeoSetup-2.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Neo\LuminarNeoSetup-2.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Neo\LuminarNeoSetup-2.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2648
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2284
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4f4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:296

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

      Filesize

      3KB

      MD5

      acb0ea2ae727cb9bc0b26c89e08e6f25

      SHA1

      e0e197ead988172cbcb8399556018e487cb519d5

      SHA256

      6d178f7221a6bd6dc071701eec565fad1a53ab2035d0f88852b63c42f8344647

      SHA512

      08aa312780011e23b6841c23f95d9239457f5806c4714104d69cf2c5c6a2dd8203aeef38e40ae87eee2d49accd0e120072a94aba9928f3070430a5315e5247b4