Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

25/08/2024, 10:12

240825-l8vvesyeke 3

25/08/2024, 10:07

240825-l5r95aycpa 3

Analysis

  • max time kernel
    425s
  • max time network
    450s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 10:07

General

  • Target

    The Henry Stickmin Collection/Adobe AIR/Versions/1.0/Resources/AdobeCP15.dll

  • Size

    3.3MB

  • MD5

    64a91e9ea17910657f8a7eaae7a4afd0

  • SHA1

    c6e8637b6a5e11bd69b6d6a1742df4fc612fc08b

  • SHA256

    6fcf417f525f29eb89243afdf82a97f9e85fb468e042b0f87cb6fc68d8933901

  • SHA512

    0cfe0f26f345e9ae52c5fdb05a852d6b02aa6b1f0f1a17310e7d02885ace7cd52a26bbf9e4df8618242823282f499e3f162430abd218685649409b0c7f8b8805

  • SSDEEP

    98304:XcYiLP9WspdG83NSXFx4irHUFEHbICfJZ37AYTXGsc:XcZLPjrG83NSXFx4irHUFEHbIQJZ8yW3

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\The Henry Stickmin Collection\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3716
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\The Henry Stickmin Collection\Adobe AIR\Versions\1.0\Resources\AdobeCP15.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1148

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads