Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

captainsim...es.rar

windows7-x64

3

captainsim...es.rar

windows10-2004-x64

3

captainsim...tz.ttf

windows7-x64

4

captainsim...tz.ttf

windows10-2004-x64

7

captainsim...ar.ttf

windows7-x64

3

captainsim...ar.ttf

windows10-2004-x64

7

captainsim...ch.flt

windows7-x64

3

captainsim...ch.flt

windows10-2004-x64

3

captainsim...se.flt

windows7-x64

3

captainsim...se.flt

windows10-2004-x64

3

captainsim...ft.cfg

windows7-x64

3

captainsim...ft.cfg

windows10-2004-x64

3

captainsim...on.flt

windows7-x64

3

captainsim...on.flt

windows10-2004-x64

3

captainsim...as.cfg

windows7-x64

3

captainsim...as.cfg

windows10-2004-x64

3

captainsim...mb.flt

windows7-x64

3

captainsim...mb.flt

windows10-2004-x64

3

captainsim...es.cfg

windows7-x64

3

captainsim...es.cfg

windows10-2004-x64

3

captainsim...al.flt

windows7-x64

3

captainsim...al.flt

windows10-2004-x64

3

captainsim...el.cfg

windows7-x64

3

captainsim...el.cfg

windows10-2004-x64

3

captainsim...ay.cfg

windows7-x64

3

captainsim...ay.cfg

windows10-2004-x64

3

captainsim...04.bin

windows7-x64

3

captainsim...04.bin

windows10-2004-x64

3

captainsim...4.gltf

windows7-x64

3

captainsim...4.gltf

windows10-2004-x64

3

captainsim...04.xml

windows7-x64

3

captainsim...04.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    captainsim-aircraft-m774-v1-3-0-updated-liveries.rar

  • Size

    345.2MB

  • MD5

    3822a805952ba74f3bcdf288ab71fd29

  • SHA1

    353711013d2c3290854c5e029ee3c74acb35f998

  • SHA256

    18139a654a7161b085bb900abbe306b08694874d9288369f56e065c54af6f3f0

  • SHA512

    89e946c00ac38ec128877d70b161453acfdcdd594f1092762489eb8a9151ca6be5bc7039c6677914caf0731ac3929f5a51e1e9e4dbcc5cfac8be6e2c25fdc76d

  • SSDEEP

    6291456:Zqx+tX904fsW1n5JsitGyassuEWpq86vW4poJ3V856OS+S74LeAujXeY0:M+/Zrn7llahi6bylO8DTbVjg

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774-v1-3-0-updated-liveries.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774-v1-3-0-updated-liveries.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774-v1-3-0-updated-liveries.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2876
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774-v1-3-0-updated-liveries.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    3KB

    MD5

    0e99a7d3ce16050cbed3a8428b3bd356

    SHA1

    2ca6fdf37fa747d315ade8a38915fb81577a04e4

    SHA256

    48182205abfd5bb61d07ebfa0d81071b512fa6633fd8a284dd5cb967fbf08b8d

    SHA512

    4ed8dbc9c4a3b225b89325f8bb329c33a8e667a28631abae9780dc01eefeaa006cbfbdfd5ffc19f2c145b8dd185de04a8c97aa7a42e8e87752523ad0b528c4f1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
    Filesize

    18B

    MD5

    bc50f52549ed0081d2dee55afb806835

    SHA1

    47f20e1155eed8cfe5fcc08f48e122115fa93fc4

    SHA256

    b939b5c05b2402f6f1bc2ddb86f0d239c4caa405e3b7fbb2dacfcdf443fead41

    SHA512

    c39b5f95005c622a32da8b81e2585109289fb8b554b59252805164098dc3702c5bb70e186ee63febf6d108afa003f69908a56431c34559c7f9fad67ca0dd886f

    Download Submit

  • memory/1716-83-0x000007FEF3C80000-0x000007FEF3C91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-80-0x000007FEF5C50000-0x000007FEF5C61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-56-0x000007FEFB2C0000-0x000007FEFB2D7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1716-55-0x000007FEFB2E0000-0x000007FEFB2F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-54-0x000007FEFB300000-0x000007FEFB317000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1716-53-0x000007FEFB320000-0x000007FEFB338000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1716-52-0x000007FEF62B0000-0x000007FEF6566000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1716-51-0x000007FEFB340000-0x000007FEFB374000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1716-50-0x000000013F1B0000-0x000000013F2A8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1716-60-0x000007FEF48F0000-0x000007FEF59A0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1716-61-0x000007FEF5F70000-0x000007FEF617B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1716-76-0x000007FEF5CF0000-0x000007FEF5D18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1716-89-0x000007FEF3BB0000-0x000007FEF3BC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-88-0x000007FEF3BD0000-0x000007FEF3BE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1716-87-0x000007FEF3BF0000-0x000007FEF3C1A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1716-86-0x000007FEF3C20000-0x000007FEF3C36000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1716-85-0x000007FEF3C40000-0x000007FEF3C58000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1716-84-0x000007FEF3C60000-0x000007FEF3C72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1716-58-0x000007FEF7C50000-0x000007FEF7C6D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1716-82-0x000007FEF3CA0000-0x000007FEF3CB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-57-0x000007FEF7C70000-0x000007FEF7C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-79-0x000007FEF5C70000-0x000007FEF5C93000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1716-81-0x000007FEF5C30000-0x000007FEF5C42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1716-78-0x000007FEF5CA0000-0x000007FEF5CB8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1716-77-0x000007FEF5CC0000-0x000007FEF5CE4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1716-75-0x000007FEF5D20000-0x000007FEF5D77000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1716-74-0x000007FEF5D80000-0x000007FEF5D91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-73-0x000007FEF5DA0000-0x000007FEF5E1C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1716-72-0x000007FEF5E20000-0x000007FEF5E87000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1716-71-0x000007FEF5E90000-0x000007FEF5EC0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1716-70-0x000007FEF5EC0000-0x000007FEF5ED8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1716-69-0x000007FEF5EE0000-0x000007FEF5EF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-68-0x000007FEF5F00000-0x000007FEF5F1B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1716-67-0x000007FEF5F20000-0x000007FEF5F31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-66-0x000007FEF6A70000-0x000007FEF6A81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-65-0x000007FEF6C10000-0x000007FEF6C21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1716-64-0x000007FEF70F0000-0x000007FEF7108000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1716-63-0x000007FEF5F40000-0x000007FEF5F61000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1716-62-0x000007FEF6C30000-0x000007FEF6C71000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1716-107-0x000007FEF62B0000-0x000007FEF6566000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1716-59-0x000007FEF7C30000-0x000007FEF7C41000-memory.dmp

    Filesize

    68KB

    Download