Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
16/08/2024, 21:01
General
-
Target
Version-1-Tulpical.rar
-
Size
668KB
-
MD5
bbff361fdcc6f2dd16e19ab91ef98d18
-
SHA1
9e7d67052de93cc671423e427e8af683fc765dc2
-
SHA256
1780ba40d833cf8aab745556f0a77673cf2f0d178805cc39afb765d5e4da7275
-
SHA512
f0e8af2d7d386952893a8c841471cee1bb5378d22d52718488f4161eaf62075367a85c758869869946ed89fb82d0554f38d0fd1a0da9ae9bef48d79fe82dd66b
-
SSDEEP
12288:ztX5LKb0T5WPOaBEqNaTuwKPFxHBiUsmMVuR+i3GPvZdUd0DEty7qyYBbgTPBN3S:+w5WPOpqNa6wKPFxHHmiP3GHnK4wBbga
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of FindShellTrayWindow 10 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar3⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
-