Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 03/09/2024, 15:50
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20240802-en)
General
Target: file.exe
Size: 896KB
MD5:
d1e279db4bc12765c9bbb2334972cd86
SHA1:
dcba210d7bbc45bc396db2875f9cf029b5c0dd66
SHA256:
e22731d9c3a47edcc4e6d1e31d1eba588d8778f05dce1ba16e8a0d189eacfb01
SHA512:
8b50deea3a125afc1297fef05e371af1cd1ada9a102c3817cf84af67d70038a266585d8419fea1e640c2e21e58e7e90a4237b96ed2ead725883dc5cbd85302ac
SSDEEP:
12288:0qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTp:0qDEvCTbMWu7rQYlBQcBiT6rprG8asp
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: file.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid: 2512, Process: file.exe (same entry for every IoC)
Suspicious use of SendNotifyMessage (64 IoCs)
pid: 2512, Process: file.exe (same entry for every IoC)