Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/09/2024, 23:53

General

  • Target

    robotcodedev-robotcode-280f0d4/packages/core/src/robotcode/core/ignore_spec.py

  • Size

    11KB

  • MD5

    0bd5fb9f23ff7c6435f19c48ee953672

  • SHA1

    9926f315c986375766c8fc124c0824d940f38406

  • SHA256

    c52abe95c302512ded273c2b19b9450a180f315e94c6967eb78ad3580135c255

  • SHA512

    8ed2feee69a7b7c03c1197962ba6b1b2734e8ff5ce5aea7808df1efc0c476dc5dd6ea3c116c8228e986dd9aa7c0b21273a163362a7af923039c70d0558efb93a

  • SSDEEP

    192:dXfn3qldwsrPaZ0gxf0dwITYjcLKeNzSzzVddKwt6wqeDegnEkweDoE1U1kmkei:dAdwgu0gR0dwITYj4N+Lzj8O

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1808
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2716
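The process tree above is the key to reading this report: `cmd /c` was handed a `.py` file, the sandbox image had no handler registered for that extension, so the shell fell back to the "Open With" dialog (`shell32.dll,OpenAs_RunDLL`) and the file ended up opened in Adobe Reader. Every behavioural signature listed (system language discovery, GetForegroundWindowSpam, SetWindowsHookEx) is attached to PID 2716, i.e. AcroRd32.exe, not to any interpreter running the submitted source. The following Python script is an added example, not code from the report, from tria.ge or from the robotcode project: it rebuilds the tree from the PIDs and command lines shown above and classifies whether the submitted file was actually executed or merely opened by a viewer. The `ppid` values are assumed from the report's nesting (the page shows PIDs only), and the interpreter list and function names are the example's own choices.

```python
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Process records reconstructed from the report's process tree. The report
# shows nesting and PIDs; the ppid values are an assumption taken from that
# nesting (root process has no parent in the report).
REPORT_PROCESSES = [
    {"pid": 2248, "ppid": None,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py"},
    {"pid": 1808, "ppid": 2248,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py'},
    {"pid": 2716, "ppid": 1808,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py"'},
]

# Image names that would mean the submitted file's code actually ran.
# This list is an assumption of the example, not something the report defines.
SCRIPT_INTERPRETERS = {
    "python.exe", "pythonw.exe", "py.exe", "pyw.exe",
    "wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
    "mshta.exe", "node.exe",
}


@dataclass
class Verdict:
    status: str             # "executed", "open_with_fallback", "opened_by_handler", "not_referenced"
    handler: Optional[str]  # lower-case basename of the process that finally consumed the file
    chain: List[int]        # PIDs from the root process down to that handler


def _basename(path: str) -> str:
    return ntpath.basename(path.strip('"')).lower()


def _references(proc: dict, target_name: str) -> bool:
    return target_name in proc["cmdline"].lower()


def _children(procs: list, pid: int) -> list:
    return [p for p in procs if p["ppid"] == pid]


def _deepest_reference(procs: list, proc: dict, target_name: str) -> List[int]:
    """Follow child links and return the PID chain ending at the deepest
    process whose command line still names the target file."""
    chain = [proc["pid"]]
    for child in _children(procs, proc["pid"]):
        if _references(child, target_name):
            return chain + _deepest_reference(procs, child, target_name)
    return chain


def classify_execution(procs: list, target_path: str) -> Verdict:
    """Decide whether target_path was run by an interpreter, opened through the
    'Open With' fallback (OpenAs_RunDLL), or opened by a registered handler."""
    target_name = ntpath.basename(target_path).lower()
    roots = [p for p in procs if p["ppid"] is None and _references(p, target_name)]
    if not roots:
        return Verdict("not_referenced", None, [])
    chain = _deepest_reference(procs, roots[0], target_name)
    by_pid = {p["pid"]: p for p in procs}
    images = [_basename(by_pid[pid]["image"]) for pid in chain]
    if any(img in SCRIPT_INTERPRETERS for img in images):
        return Verdict("executed", images[-1], chain)
    if any("openas_rundll" in by_pid[pid]["cmdline"].lower() for pid in chain):
        return Verdict("open_with_fallback", images[-1], chain)
    return Verdict("opened_by_handler", images[-1], chain)


if __name__ == "__main__":
    target = r"C:\Users\Admin\AppData\Local\Temp\robotcodedev-robotcode-280f0d4\packages\core\src\robotcode\core\ignore_spec.py"
    v = classify_execution(REPORT_PROCESSES, target)
    print(v.status, v.handler, " -> ".join(str(pid) for pid in v.chain))
```

For this report the verdict is `open_with_fallback` with `acrord32.exe` at the end of the chain 2248 -> 1808 -> 2716, which is why the signatures should be read as Adobe Reader's normal start-up behaviour rather than as anything the Python source did. Had the image carried a `.py` association to `python.exe`, the same tree would classify as `executed` and the signatures on the interpreter process would deserve attention.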

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    dc2d2fdd96e289d8896c71fc77a5bc87

    SHA1

    91e880795c232b1381e8b5a1f3ba8c85367d0b0a

    SHA256

    b2478508ec5ab5c4630a784f324df98d40e1e23e097aaad23c40b96be3ac8080

    SHA512

    ffb080210c44e1c9b80a477e9bf45e067a512c263721aa18439a5e39f21303547a9462cdb1b6057faa53b63d85bd97f57519262380af498fae190a84334183a4