Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2024, 12:56

General

  • Target

    Kematian-main/main.py

  • Size

    1KB

  • MD5

    d97a482f3784cbad5c2db528fe105af0

  • SHA1

    f2df3d8b7944ec665a817dc8730a08ad29b6f607

  • SHA256

    a7d629ee76174056348db8c9905c34ed08b301bb1d8443eaf07e068506a10e30

  • SHA512

    b548df0977dd3b184c93c721fc92bd6cde5f24f2f57c71d14dd6ed49277fbac285ca06ae314c2ff5e5a138d4eb7fa0b8174454bfbe11358a742e3aff42e26174

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Kematian-main\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Kematian-main\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Kematian-main\main.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7ac1979c13a43f6326d3c04249986b5e

    SHA1

    7a5d09f6869cb75686ae8c4a488dc4208d8e8ddb

    SHA256

    f96459d5fc409e5ff75311366d831b0e7dae6e31dd41a478a4574c9494982e2e

    SHA512

    3d0953df7a1c47a53dba31a0c6a3dcb626e191788493252997e91473b5da2065f3c3e169374a33d34a70a499c80e3e5529cad21bd274727dc293fef66d00f0bd