Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 15:19

General

  • Target

    RoPro/_locales/ar/messages.json

  • Size

    5KB

  • MD5

    5bd05f54b24ba0b06bb862af2bd10726

  • SHA1

    84b00cd589084a76dbdb7619253c15bf129220ba

  • SHA256

    5e3e7e70a965ba9e0df456c2d3b84346a92c97131f4b63c26c72216d4abaf77c

  • SHA512

    d03fab38d52f65f5c680b551462a44a064c033738fc5c3bc011780f77c1a4aa170f8b7bb256e29798d967fa7ada1ba103cf2254ed9fe68bebfdb8efff80f2639

  • SSDEEP

    48:aSekLBqxik9Mfz16m+fYN2uv0uYDW3Fc3guVkY1KbS5nLq/xSOsx/q5VDOcvAHbI:r16hfQ2uv0ud3QrVkYkOliVDnobxOpV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RoPro\_locales\ar\messages.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RoPro\_locales\ar\messages.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RoPro\_locales\ar\messages.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7c70d612d1fd64e86ad406fb0457a85b

    SHA1

    91e57807065b55ae660c8bcba53c8d84053297ce

    SHA256

    bb6b9bc3c76385b2c6a51f5fe5b6ff7edec96cdea80ec43c6c5578076d757c0e

    SHA512

    0e47aca89875105cfd848df5bdabf0de02c8d41c3fa96132a5a7e8240f682d6133efcee7c23d703f9ff83fd80059566e64aa2a1049fabe726f47c4ecfa4e872d