Analysis
max time kernel: 579s
max time network: 362s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 14/07/2024, 07:00
Static task: static1
Behavioral task: behavioral1 (sample teleopti_te_eg.pfx, resource win7-20240705-en, 4 signatures, 600 seconds)
Behavioral task: behavioral2 (sample teleopti_te_eg.pfx, resource win10v2004-20240709-en, 0 signatures, 600 seconds)
General
Target: teleopti_te_eg.pfx
Size: 5KB
MD5: 88c01f786c26a0333a71f66cd7179d64
SHA1: 871fbc4cc967104e7a2fa5522d27ee9e575623b8
SHA256: eb3c8d9cf2fbc41e039e1878117a34e440c6e709fa17b31420e7c188f5dbfdcb
SHA512: 32c536a780cf71d8f112106016eb3864f28b691a7e8dedfbef425a4c242fd5d8b3a6410b3a41c71d743e3f694bb77240aa8c7d5d5da2ccb486c3e547dc2c1442
SSDEEP: 96:i4KdZeATOuB5mvcyqSAYV1ginSN8Y2BJjvo0lysr0gxzzdSnOwzjh9+nZ7JY3i7x:i4KdB+vcg6p2TA04bgHEOgFEnjx
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Modifies system certificate store
Key created by rundll32.exe: \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\SystemCertificates\CA\Certificates\784378291E672186D904E87E61E5CFD3321BDF43
Set value (data) by rundll32.exe: \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\SystemCertificates\CA\Certificates\784378291E672186D904E87E61E5CFD3321BDF43\Blob = 030000000100000014000000784378291e672186d904e87e61e5cfd3321bdf432000000001000000a8050000308205a43082048ca00302010202133a000000035d5843edef5b172f000000000003300d06092a864886f70d01010b050030133111300f060355040313085445526f6f744341301e170d3137303130393131333132365a170d3337303130393039313831355a306031143012060a0992268993f22c6401191604636f7270311c301a060a0992268993f22c640119160c54656c65636f6d456779707431153013060a0992268993f22c6401191605436169726f311330110603550403130a544553756243412d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100983b1d95cc2913639490405ca5c27602800136511fa19cac2defb9876ddc9d38c329f46ce0d28c7a4b650491d06488400a8bd7805877aedc834aedfd15bef3860c6cfddee5c169ee366456323cc36d7f6103484fa43e15d43349dfaf6cea4ca6cfc9d6b0ba25d87b88b12c5ccc0728d7ee8e18e640063a4e3012f83bb6f08faaad58a4cabb84d514c9bd79a5b81d7f414c573c68bd17b82d0cb3a7cfc9301c6e755d197418fe0a02de3b6efdacb7d4ef73178d35254192fa5b61ea4aff2d6f112258417c08ad03edad797d451c2dbdb690ab2cc4473ba3157eff93f4c9b280afe4773c097da9c8da07036d8a0e90d3efe4059405c082650406e994f7170d33f70203010001a38202a23082029e301206092b060104018237150104050203010001302306092b060104018237150204160414e85feec84b468fb2454f692141d5755bf633ee3d301d0603551d0e04160414d3b28a03a7a6d193d05749ac9e0ffe7e41b0d385301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801479079a0fe5f20d82dbe9140475010733e0ba21973081ef0603551d1f0481e73081e43081e1a081dea081db8681aa6c6461703a2f2f2f434e3d5445526f6f7443412c434e3d737662372d726f6f7463612d30312c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c44433d556e617661696c61626c65436f6e666967444e3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e74862c687474703a2f2f737662372d73756263612d30312f43657274456e726f6c6c2f5445526f6f7443412e63726c3081f706082b060105050701010481ea3081e730819b06082b0601050507300286818e6c6461703a2f2f2f434e3d5445526f6f7443412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c44433d556e617661696c61626c65436f6e666967444e3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479304706082b06010505073002863b687474703a2f2f737662372d73756263612d30312f43657274456e726f6c6c2f737662372d726f6f7463612d30315f5445526f6f7443412e637274300d06092a864886f70d01010b0500038201010001be85fa41c57798d08de74f8286f5c39ef3bc39a11e2124b0cf056521f36220ae1bfc87d0883fc4442312597bb8dd3574dea0f6cc2c6d076202bbf0972c9a9f3ed6cc8d6ade907cb47191cc6ae74fe9e0fb2950ab22efe54e524727da251d01e63ed62c10414d8c4715d842a29d12dd9b40c4676578d3d801564fe8ff9c3c550d17a6eff949d2ca2a7769267901f30826ee3f789cdc8e229c1702707ef52c0dccc4271fa0564b5528a0d92bf9afd75dd7c40aa1eb64519d063338255772749bd3add3914fcc14b5890c832cab6387ef3956bb71714e01b7a633092103e91651432a43eb9ee022b19807831e399ea65d1df4542e237261d5b1e77358fb5fb525
The key sits under HKCU\Software\Microsoft\SystemCertificates\CA, which is the current user's Intermediate Certification Authorities store, not a machine-wide or Trusted Root store. The key name is the SHA-1 thumbprint of the certificate, and Blob is Windows' serialized certificate record: a thumbprint property (id 3) followed by the DER-encoded certificate (id 32), so the certificate itself can be recovered from this value offline.

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 2680 rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
PID 2304 (cmd.exe) wrote to memory of PID 2680 (rundll32.exe), procid_target 32; the same event is recorded three times.
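The Blob above is Windows' store record, not a bare certificate, so most tools will not open it as-is. The following Python is an added example (not part of the tria.ge report and not tria.ge's code) that splits the record into its property fields and walks the DER certificate inside with a minimal ASN.1 reader, so the IOC can be read without a Windows box or a third-party library. The hex constant is the Blob value copied from the Signatures section; all function and variable names are this example's own.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Blob copied from the "Set value (data) ...\Certificates\7843...\Blob" registry write above. Windows
# stores a certificate in a store key as property records: DWORD propId, DWORD flags, DWORD cbData,
# BYTE data[cbData]; propId 3 is the SHA-1 thumbprint (also the key name), propId 32 the DER cert.
BLOB_HEX = (
    "030000000100000014000000784378291e672186d904e87e61e5cfd3321bdf432000000001000000a8050000308205a43082048ca00302010202133a000000035d5843edef5b172f000000000003300d06092a864886f70d01010b0500"
    "30133111300f060355040313085445526f6f744341301e170d3137303130393131333132365a170d3337303130393039313831355a306031143012060a0992268993f22c6401191604636f7270311c301a060a0992268993f22c640119160c54656c65636f6d4567797074"
    "31153013060a0992268993f22c6401191605436169726f311330110603550403130a544553756243412d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100"
    "983b1d95cc2913639490405ca5c27602800136511fa19cac2defb9876ddc9d38c329f46ce0d28c7a4b650491d06488400a8bd7805877aedc834aedfd15bef3860c6cfddee5c169ee366456323cc36d7f6103484fa43e15d43349dfaf6cea4ca6"
    "cfc9d6b0ba25d87b88b12c5ccc0728d7ee8e18e640063a4e3012f83bb6f08faaad58a4cabb84d514c9bd79a5b81d7f414c573c68bd17b82d0cb3a7cfc9301c6e755d197418fe0a02de3b6efdacb7d4ef73178d35254192fa5b61ea4aff2d6f11"
    "2258417c08ad03edad797d451c2dbdb690ab2cc4473ba3157eff93f4c9b280afe4773c097da9c8da07036d8a0e90d3efe4059405c082650406e994f7170d33f7"
    "0203010001a38202a23082029e301206092b060104018237150104050203010001302306092b060104018237150204160414e85feec84b468fb2454f692141d5755bf633ee3d301d0603551d0e04160414d3b28a03a7a6d193d05749ac9e0ffe7e41b0d385"
    "301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801479079a0fe5f20d82dbe9140475010733e0ba2197"
    "3081ef0603551d1f0481e73081e43081e1a081dea081db8681aa6c6461703a2f2f2f434e3d5445526f6f7443412c434e3d737662372d726f6f7463612d30312c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c"
    "44433d556e617661696c61626c65436f6e666967444e3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e74"
    "862c687474703a2f2f737662372d73756263612d30312f43657274456e726f6c6c2f5445526f6f7443412e63726c3081f706082b060105050701010481ea3081e730819b06082b0601050507300286818e"
    "6c6461703a2f2f2f434e3d5445526f6f7443412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c44433d556e617661696c61626c65436f6e666967444e3f63414365727469666963617465"
    "3f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479304706082b06010505073002863b687474703a2f2f737662372d73756263612d30312f43657274456e726f6c6c2f737662372d726f6f7463612d30315f5445526f6f7443412e637274"
    "300d06092a864886f70d01010b0500038201010001be85fa41c57798d08de74f8286f5c39ef3bc39a11e2124b0cf056521f36220ae1bfc87d0883fc4442312597bb8dd3574dea0f6cc2c6d076202bbf0972c9a9f"
    "3ed6cc8d6ade907cb47191cc6ae74fe9e0fb2950ab22efe54e524727da251d01e63ed62c10414d8c4715d842a29d12dd9b40c4676578d3d801564fe8ff9c3c550d17a6eff949d2ca2a7769267901f30826ee3f789cdc8e229c1702707ef52c0d"
    "ccc4271fa0564b5528a0d92bf9afd75dd7c40aa1eb64519d063338255772749bd3add3914fcc14b5890c832cab6387ef3956bb71714e01b7a633092103e91651432a43eb9ee022b19807831e399ea65d1df4542e237261d5b1e77358fb5fb525"
)
OID_NAMES = {bytes.fromhex("550403"): "CN", bytes.fromhex("0992268993f22c640119"): "DC"}
OID_BASIC_CONSTRAINTS, OID_CRL_DP, OID_AIA = (bytes.fromhex(h) for h in ("551d13", "551d1f", "2b06010505070101"))

def der_read(buf, off):
    """Parse one DER TLV header at off; return (tag, content_start, content_end)."""
    tag, first, off = buf[off], buf[off + 1], off + 2
    length = first
    if first & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def der_children(buf, start, end):
    """Yield (tag, content_start, content_end) for each TLV inside a constructed value."""
    while start < end:
        tag, s, e = der_read(buf, start)
        yield tag, s, e
        start = e

def decode_name(buf, start, end):
    """X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue) -> 'DC=corp,...,CN=...'."""
    parts = []
    for _, rdn_s, rdn_e in der_children(buf, start, end):
        for _, atv_s, atv_e in der_children(buf, rdn_s, rdn_e):
            (_, o_s, o_e), (_, v_s, v_e) = der_children(buf, atv_s, atv_e)
            parts.append(f"{OID_NAMES.get(buf[o_s:o_e], buf[o_s:o_e].hex())}={buf[v_s:v_e].decode('latin-1')}")
    return ",".join(parts)

def decode_time(buf, tag, start, end):
    """UTCTime (0x17, YYMMDDhhmmssZ) or GeneralizedTime (0x18, YYYYMMDDhhmmssZ) -> aware datetime."""
    fmt = "%Y%m%d%H%M%SZ" if tag == 0x18 else "%y%m%d%H%M%SZ"
    return datetime.strptime(buf[start:end].decode(), fmt).replace(tzinfo=timezone.utc)

def collect_uris(buf, start, end):
    """Every GeneralName uniformResourceIdentifier ([6] IA5String) nested inside a value."""
    uris = []
    for tag, s, e in der_children(buf, start, end):
        if tag == 0x86:
            uris.append(buf[s:e].decode())
        elif tag & 0x20:                   # constructed: descend
            uris.extend(collect_uris(buf, s, e))
    return uris

def decode_certificate(der):
    """Fields a triage analyst wants from a DER X.509 certificate."""
    _, c_s, c_e = der_read(der, 0)                                   # Certificate ::= SEQUENCE
    _, tbs_s, tbs_e = next(der_children(der, c_s, c_e))              # tbsCertificate
    fields = [f for f in der_children(der, tbs_s, tbs_e) if f[0] != 0xA0]   # drop [0] version
    serial, _alg, issuer, validity, subject = fields[:5]
    nb, na = der_children(der, validity[1], validity[2])
    info = {"serial": der[serial[1]:serial[2]].hex(),
            "issuer": decode_name(der, issuer[1], issuer[2]),
            "subject": decode_name(der, subject[1], subject[2]),
            "not_before": decode_time(der, *nb), "not_after": decode_time(der, *na),
            "is_ca": False, "uris": []}
    for tag, s, e in fields[5:]:
        if tag != 0xA3:                                              # [3] EXPLICIT Extensions
            continue
        (_, seq_s, seq_e), = der_children(der, s, e)
        for _, x_s, x_e in der_children(der, seq_s, seq_e):
            parts = list(der_children(der, x_s, x_e))                # OID, [critical], OCTET STRING
            oid, (_, v_s, v_e) = der[parts[0][1]:parts[0][2]], parts[-1]
            if oid == OID_BASIC_CONSTRAINTS:
                _, bc_s, bc_e = der_read(der, v_s)                   # BasicConstraints SEQUENCE { cA BOOLEAN, ... }
                info["is_ca"] = any(der[b_s:b_e] != b"\x00" for t, b_s, b_e in der_children(der, bc_s, bc_e) if t == 0x01)
            elif oid in (OID_CRL_DP, OID_AIA):                       # CRL and issuer-certificate fetch locations
                info["uris"].extend(collect_uris(der, v_s, v_e))
    return info

def decode_cert_store_blob(blob_hex):
    """Split the registry Blob into property records and decode the certificate it carries."""
    blob, props, off = bytes.fromhex(blob_hex), {}, 0
    while off < len(blob):
        prop_id, _flags, length = struct.unpack_from("<III", blob, off)
        props[prop_id], off = blob[off + 12:off + 12 + length], off + 12 + length
    der = props[32]
    info = decode_certificate(der)
    info["thumbprint"] = props[3].hex()
    # The stored thumbprint must equal SHA-1(DER) and the registry key name; a mismatch means tampering or a transcription error.
    info["thumbprint_ok"] = hashlib.sha1(der).hexdigest() == info["thumbprint"]
    return info
```

Run against the Blob above, decode_cert_store_blob reports a subordinate CA certificate: subject DC=corp,DC=TelecomEgypt,DC=Cairo,CN=TESubCA-01, issuer CN=TERootCA, valid 2017-01-09 to 2037-01-09, basicConstraints cA=TRUE, with CRL and AIA locations pointing at the internal hosts svb7-rootca-01 and svb7-subca-01. That is what you would expect the Certificate Import Wizard to place in the user's Intermediate Certification Authorities store when a PFX bundles its issuing chain; by itself it is not evidence of malice, but an unfamiliar CA appearing in any certificate store is worth alerting on, and the CRL/AIA hostnames tell you which environment the PFX came from. The thumbprint_ok field re-derives SHA-1 over the DER and compares it with the stored property, which should also match the key name in the registry path.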
Processes
C:\Windows\system32\cmd.exe, PID 2304: cmd /c C:\Users\Admin\AppData\Local\Temp\teleopti_te_eg.pfx
  Suspicious use of WriteProcessMemory
  Child: C:\Windows\system32\rundll32.exe, PID 2680: "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\AppData\Local\Temp\teleopti_te_eg.pfx
    Modifies system certificate store
    Suspicious behavior: GetForegroundWindowSpam
Running cmd /c on a .pfx path does not execute the file; it invokes the file type's default shell action, which on Windows is the Certificate Import Wizard (rundll32.exe loading cryptext.dll and calling CryptExtAddPFX). The certificate-store write listed under Signatures is that wizard's doing. No other process is spawned in this run, and the Windows 10 task (behavioral2) recorded no signatures at all, which is consistent with the sample being a certificate container rather than code.