Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    103s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 00:00 UTC

General

  • Target
    Paste 4.4.0 [MacKed]/.VolumeIcon.icns
  • Size
    385KB
  • MD5
    b7ffda8754a884d91e3073cb7383037f
  • SHA1
    a846ee4a60e63d7dc4d192ed5f9ce2be5133d299
  • SHA256
    93f7a4483c0b7de19cee799fa0e89b1d574195de70ade7da6354797da9a06a35
  • SHA512
    46ae331e2f98d2f7fd4f332193b7acb5bda64bdfd13f299427b731da1724f4aa655b2692d4444f609e84615536943cf0faa16d21b708fb167f6ffca09656df53
  • SSDEEP
    12288:v1HueinnlNeE8zOonpP9LmKXscisfEJhj:9H2nlgE8zOKBXsL/3j

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Paste 4.4.0 [MacKed]\.VolumeIcon.icns"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Paste 4.4.0 [MacKed]\.VolumeIcon.icns
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Paste 4.4.0 [MacKed]\.VolumeIcon.icns"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize
    3KB
    MD5
    3d9396c39611d00c3e03f8d6db6771e9
    SHA1
    3ba78104662a05f7be036df4effc1f76f7814d94
    SHA256
    5789e0771c880716cba9b560502fe33ede759623fc7f1218955618942b459f46
    SHA512
    463e296d3a9446fa9f11447730ce099e738d00401da9e09c6cc6329134a3132c1f87ca49b7ab1a470456a27e1e56c8785e65cd0b709f8cc50390f8bd2a333cad
