Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    579s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 07:00

General

  • Target

    teleopti_te_eg.pfx

  • Size

    5KB

  • MD5

    88c01f786c26a0333a71f66cd7179d64

  • SHA1

    871fbc4cc967104e7a2fa5522d27ee9e575623b8

  • SHA256

    eb3c8d9cf2fbc41e039e1878117a34e440c6e709fa17b31420e7c188f5dbfdcb

  • SHA512

    32c536a780cf71d8f112106016eb3864f28b691a7e8dedfbef425a4c242fd5d8b3a6410b3a41c71d743e3f694bb77240aa8c7d5d5da2ccb486c3e547dc2c1442

  • SSDEEP

    96:i4KdZeATOuB5mvcyqSAYV1ginSN8Y2BJjvo0lysr0gxzzdSnOwzjh9+nZ7JY3i7x:i4KdB+vcg6p2TA04bgHEOgFEnjx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\teleopti_te_eg.pfx
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\AppData\Local\Temp\teleopti_te_eg.pfx
      2⤵
      • Modifies system certificate store
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads