Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
13/07/2024, 17:49
General
-
Target
AM.class
-
Size
1KB
-
MD5
99eec35e846128e2cab4c6ac1d2ae710
-
SHA1
095711f29597e81dcde80b965dae38a8f5b7ec56
-
SHA256
fc95beab9e006ad9fda4e9514323c16fda251b8a596c0f1a8db6c37e41764554
-
SHA512
de71186de8aa2089e886284ae93eacedaf1f03e1781057f376aba0c02122c2a1fd8d1f92b30473442392ff244e103a4566029e19c6f5d163dfe13dceef6faf39
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\AM.class1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AM.class2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AM.class"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5518fb68fef7f4beb4ff9745db873ca88
SHA1067612f30bebbd41eceaecab29ae842699be129b
SHA256e22ecc8ac27e3384f976071abcc91acd9edab6af35419810fb78a66b69a5b0c6
SHA5127cec66c11b0d966a801c9d74f442fb02c7e9a816d1200ba75e2526e91c823a9c8341d25d37ab46e73cb59f85130e9eadec44a4e000d8cc9b715b4596baf20ed2