Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

EldenRingS...1).zip

windows7-x64

1

EldenRingS...1).zip

windows10-2004-x64

1

EldenRingS...V1.yml

windows7-x64

3

EldenRingS...V1.yml

windows10-2004-x64

3

EldenRingS...ig.yml

windows7-x64

3

EldenRingS...ig.yml

windows10-2004-x64

3

EldenRingS...CKSYNC

windows7-x64

1

EldenRingS...CKSYNC

windows10-2004-x64

1

EldenRingS...DME.md

windows7-x64

3

EldenRingS...DME.md

windows10-2004-x64

3

EldenRingS...ERSION

windows7-x64

1

EldenRingS...ERSION

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2024, 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EldenRingSeamlessCoopRelease-main/.github/ISSUE_TEMPLATE/bugReportV1.yml

  • Size

    2KB

  • MD5

    1ca8381c97fab6042641b6ad77af4937

  • SHA1

    94ebd3e0f01625f0f7c90f70eef8893922794d25

  • SHA256

    9b30ed07c30ec56b700e501e785bca1291bf04db3dd5fc69884e213a5a559f55

  • SHA512

    3a14e8ac7fafeaac9c2b3fcad2fe65c31ee9711a8521f9c195315fa699fc2a1f64e2947ae313c51f3d8d8c582601a3fa1e83b0d08134c4fd70f9c5c9f153b92f

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\EldenRingSeamlessCoopRelease-main\.github\ISSUE_TEMPLATE\bugReportV1.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\EldenRingSeamlessCoopRelease-main\.github\ISSUE_TEMPLATE\bugReportV1.yml
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\EldenRingSeamlessCoopRelease-main\.github\ISSUE_TEMPLATE\bugReportV1.yml"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4a47615511ec2217d8758cd75732a715

    SHA1

    75118f87fcca5a7d4828bb28b214ca089e210850

    SHA256

    2bcb9722eb5ca4c221ac420f7077ba8873e11bfda41ed914f0ab772d4a5470df

    SHA512

    cc39773a76291e48d912dcff9c700922f107fc4ca168e1aae168869c2c3d9053bc0cf4b665455dd58d18d8bfb26098ed2949bc6f0698fec809aa2ac28fbb8afb

    Download Submit