Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 15:33

General

  • Target

    me/vagdedes/spartan/a/a/a$a.class

  • Size

    570B

  • MD5

    82f5eeb3b833bcffbd1815c67c9879f7

  • SHA1

    a71b7bca2afd1cce67cf551d65a930d240be951b

  • SHA256

    16f64aabd31b974de4beaffb846a383699d10edd2420bb6112c10078a9c69fff

  • SHA512

    adaca4a40c024ef818a007c5c06266079b3b9eff7ec665d479670c900232d3b8582e4ebca82756a3c54611ccfe6cdf586b04f38c373e9b907c70e3a504ae6ebd

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\me\vagdedes\spartan\a\a\a$a.class"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    3fd9dee3668edd71b2368e81fc5c1eb3

    SHA1

    55a5b140462a4cc4a59032b4cf683f2b618f3b14

    SHA256

    10ec96d539b6b97e740f68b1305ce9b55972d46dfc9578f767cec9355d408945

    SHA512

    641820080a53d3c8c7bee296fbf3c3798c48116e8cba630b03613c33a41e18e8551350fe2e66d4594d0d46cd0b2009d5111fcf1a423f807d763fade7955e61f6