Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/08/2024, 21:01 UTC

General

  • Target

    Version-1-Tulpical.rar

  • Size

    668KB

  • MD5

    bbff361fdcc6f2dd16e19ab91ef98d18

  • SHA1

    9e7d67052de93cc671423e427e8af683fc765dc2

  • SHA256

    1780ba40d833cf8aab745556f0a77673cf2f0d178805cc39afb765d5e4da7275

  • SHA512

    f0e8af2d7d386952893a8c841471cee1bb5378d22d52718488f4161eaf62075367a85c758869869946ed89fb82d0554f38d0fd1a0da9ae9bef48d79fe82dd66b

  • SSDEEP

    12288:ztX5LKb0T5WPOaBEqNaTuwKPFxHBiUsmMVuR+i3GPvZdUd0DEty7qyYBbgTPBN3S:+w5WPOpqNa6wKPFxHHmiP3GHnK4wBbga

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Version-1-Tulpical.rar
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:2860

Network

MITRE ATT&CK Enterprise v15
