Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 40s
- max time network: 21s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 23/08/2024, 21:09
Static task: static1
Behavioral task: behavioral1
- Sample: loader.rar
- Resource: win7-20240704-en
- 4 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: loader.rar
- Resource: win10v2004-20240802-en
- 3 signatures
- 150 seconds
General
- Target: loader.rar
- Size: 6.6MB
- MD5: 724f410ad6d2d47c8d0a08a553ef435d
- SHA1: da2527284d1f906537f10cda8b5dd94ea690399e
- SHA256: e0ed5b7952fd35307c5715f0b05ed5200c16f59f7e87bc37257c8589227dbe83
- SHA512: cbacbff3aa15dcce1fe37add9383efb15ade97494a40f887070a7551753b684bdca12b78aa53f8edd15a8ef7e6671829f875a89107b558a15079a1edfc752325
- SSDEEP: 196608:t6x7IfF5hTmseJ7AGhTPLKOtcJlO7IxDL7uQED5uEg6p:t7F5hCxJlbLK2cDeItLKbh
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_Classes\Local Settings | rundll32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2288 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3008 wrote to memory of 2288 | 3008 | cmd.exe | 30
  PID 3008 wrote to memory of 2288 | 3008 | cmd.exe | 30
  PID 3008 wrote to memory of 2288 | 3008 | cmd.exe | 30
Processes
- 1. C:\Windows\system32\cmd.exe (PID: 3008)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\loader.rar
  - Suspicious use of WriteProcessMemory
  - 2. C:\Windows\system32\rundll32.exe (PID: 2288)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\loader.rar
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam