Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

26/07/2024, 18:28 UTC

240726-w4pgyszeje 7

26/07/2024, 18:14 UTC

240726-wvc3kawbml 7

Analysis

  • max time kernel
    117s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 18:28 UTC

General

  • Target

    Resource/Font/CourierStd.otf

  • Size

    30KB

  • MD5

    f4c2d3851e2781b2b3ff60a2e34e81ac

  • SHA1

    779f9fee6d37c37a03601ec1ab406d055e8e7692

  • SHA256

    54cb5c8e9775cb432afe32b0af688536354ad04ef9c9f1450ee7c88a73bc884d

  • SHA512

    218cf55522d6edd88ad92acaa6d440f0f7ff2a0688948a834ef21eff7ca6a915622723720dae234e412e788ee7b722261b1a238a12d05c7f63f24d854fdad43d

  • SSDEEP

    768:px0Kx7uekYqrdC/MNVO6MFsSStwPHMjz9Qc3:j3RuexqrdGYmJStYHmz913

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 1676)
    cmd /c C:\Users\Admin\AppData\Local\Temp\Resource\Font\CourierStd.otf
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\fontview.exe (PID 2264)
      "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Resource\Font\CourierStd.otf
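The process tree above is the sandbox's own launch wrapper at work: `cmd /c <file>` hands the .otf to the Windows 7 default handler for that extension, fontview.exe, and the "Suspicious use of WriteProcessMemory" hit on cmd.exe is the trace a parent normally leaves when it spawns a child. Nothing in the report shows behaviour beyond rendering the font, which is consistent with the 3/10 score. The check a triager would still want before closing this out is that the submitted file really is a structurally sound OpenType font rather than something else carrying a .otf name. The helper below is an added example, not part of the tria.ge report and not the CourierStd.otf from the analysis: it parses the sfnt header and table directory, verifies each table's checksum as the OpenType spec defines it (with the `head` table's checkSumAdjustment zeroed), flags an MZ header outright, and reports the same MD5/SHA1/SHA256 digests the report lists so results can be matched against it. All sample bytes are constructed inline for the demonstration.

```python
"""Added triage helper (not from the tria.ge report): is this .otf really a font?"""
import hashlib
import struct

# Tables every OpenType font must carry per the spec; constructed samples below include them.
REQUIRED = ("cmap", "head", "hhea", "hmtx", "maxp", "name", "OS/2", "post")


def _table_checksum(name, blob):
    """OpenType table checksum: big-endian uint32 sum, zero-padded to a 4-byte multiple.
    For 'head' the checkSumAdjustment field (bytes 8..11) is treated as zero."""
    if name == "head" and len(blob) >= 12:
        blob = blob[:8] + b"\0\0\0\0" + blob[12:]
    padded = blob + b"\0" * (-len(blob) % 4)
    return sum(struct.unpack(f">{len(padded) // 4}I", padded)) & 0xFFFFFFFF


def inspect_font(data):
    """Classify the file and list structural problems; an empty problem list means
    the sfnt container is well-formed (it does not prove the glyph data is sane)."""
    out = {"kind": "unknown", "tables": [], "problems": []}
    if data[:2] == b"MZ":
        out["kind"] = "PE executable"
        out["problems"].append("MZ header: this is a Windows executable, not a font")
        return out
    if len(data) < 12:
        out["problems"].append("shorter than a 12-byte sfnt header")
        return out
    version = data[:4]
    if version == b"OTTO":
        out["kind"] = "OpenType (CFF outlines)"
    elif version == b"\x00\x01\x00\x00":
        out["kind"] = "OpenType (TrueType outlines)"
    else:
        out["problems"].append(f"unrecognised sfnt version {version.hex()}")
        return out
    num_tables = struct.unpack(">H", data[4:6])[0]
    for i in range(num_tables):
        record = data[12 + 16 * i: 28 + 16 * i]
        if len(record) < 16:
            out["problems"].append("table directory truncated")
            break
        tag, checksum, offset, length = struct.unpack(">4sIII", record)
        name = tag.decode("latin-1")
        out["tables"].append(name)
        if offset + length > len(data):
            out["problems"].append(f"table {name!r} extends past end of file")
            continue
        if _table_checksum(name, data[offset:offset + length]) != checksum:
            out["problems"].append(f"table {name!r} checksum mismatch")
    missing = [t for t in REQUIRED if t not in out["tables"]]
    if missing:
        out["problems"].append("missing required tables: " + ", ".join(missing))
    if version == b"OTTO" and "CFF " not in out["tables"]:
        out["problems"].append("OTTO version but no 'CFF ' table")
    return out


def digests(data):
    """The three digests the report lists, so a local file can be matched against it."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def build_sfnt(version, tables):
    """Assemble a structurally valid sfnt container from {4-char tag: bytes}.
    Constructed test data only; the tables are dummies, so it is not a renderable font."""
    names = sorted(tables)  # real fonts keep the directory sorted by tag
    n = len(names)
    entry_selector = n.bit_length() - 1 if n else 0
    search_range = (1 << entry_selector) * 16
    header = struct.pack(">4sHHHH", version, n, search_range, entry_selector, n * 16 - search_range)
    directory, body = b"", b""
    base = 12 + 16 * n
    for name in names:
        blob = tables[name]
        directory += struct.pack(">4sIII", name.encode("latin-1"),
                                 _table_checksum(name, blob), base + len(body), len(blob))
        body += blob + b"\0" * (-len(blob) % 4)
    return header + directory + body


# Constructed samples: a well-formed container, a PE stub renamed .otf, and a corrupted copy.
GOOD_OTF = build_sfnt(b"OTTO", {name: b"\0" * 16 for name in REQUIRED + ("CFF ",)})
FAKE_OTF = b"MZ\x90\x00" + b"\0" * 60
TAMPERED_OTF = bytearray(GOOD_OTF)
TAMPERED_OTF[-1] ^= 0xFF  # flips a byte inside the last table ('post'), breaking its checksum
TAMPERED_OTF = bytes(TAMPERED_OTF)

if __name__ == "__main__":
    for label, blob in (("good", GOOD_OTF), ("fake", FAKE_OTF), ("tampered", TAMPERED_OTF)):
        print(label, inspect_font(blob), digests(blob)["sha256"])
```

A real triage run would read the submitted file from disk and compare `digests()` with the MD5/SHA1/SHA256 in the General section; a checksum mismatch or a table pointing past end-of-file is not by itself malicious (fonts are often edited sloppily), but an MZ header or an unrecognised sfnt version means the file is not what the extension claims and deserves a second look regardless of the sandbox score.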

Network

MITRE ATT&CK Enterprise v15
