Analysis
- max time kernel: 140s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 14/09/2024, 08:09
Static task
- static1
Behavioral task
- behavioral1
  Sample: 8189.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: 8189.exe
  Resource: win10v2004-20240802-en
General
- Target: 8189.exe
- Size: 2.3MB
- MD5: 5eaad709134be9a165a968698724e71b
- SHA1: 5d94fe8b11897b1f64dab3882dc174d936a034ba
- SHA256: 9275cc64fb4d5fd7a90b137c78b39808b112e6732722b5743d45846a3293214c
- SHA512: 165f002ab885420a50e353ed13c9c2fd8d5f5bf11066de9ed63c23938bf98e9172210cc468ad911065ffa6dfcda594240f17e1f432d42fdfa6a6312874bc93a0
- SSDEEP: 24576:eelo5jh+9b8SL1lAdL5+FPI3YqOcHQSFablTmVf6xquGjHneFUJfK66n232u:Xl+h+1qs0Y/BTmtuGjHnev6+uF
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 8189.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 984
  Process: 8189.exe