Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 08:09

General

  • Target

    8189.exe

  • Size

    2.3MB

  • MD5

    5eaad709134be9a165a968698724e71b

  • SHA1

    5d94fe8b11897b1f64dab3882dc174d936a034ba

  • SHA256

    9275cc64fb4d5fd7a90b137c78b39808b112e6732722b5743d45846a3293214c

  • SHA512

    165f002ab885420a50e353ed13c9c2fd8d5f5bf11066de9ed63c23938bf98e9172210cc468ad911065ffa6dfcda594240f17e1f432d42fdfa6a6312874bc93a0

  • SSDEEP

    24576:eelo5jh+9b8SL1lAdL5+FPI3YqOcHQSFablTmVf6xquGjHneFUJfK66n232u:Xl+h+1qs0Y/BTmtuGjHnev6+uF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8189.exe
    "C:\Users\Admin\AppData\Local\Temp\8189.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/984-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/984-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/984-1-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB