Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

07/11/2024, 21:24 UTC

241107-z8z12ayfnb 8

07/11/2024, 21:23 UTC

241107-z8jdaa1pdl 6

07/11/2024, 21:21 UTC

241107-z7ptnsyjdx 7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 21:23 UTC

General

  • Target

    Delta V3.61/bin/modules.json

  • Size

    639B

  • MD5

    87b829dbc0f63d72bff5664fa2177dd9

  • SHA1

    aaee2d27a5a0290af3f14a8a20a84667aff498fc

  • SHA256

    df98a2a55cd20d372e43356f931a1bd5aad946b44e92f407405e9ac65539458e

  • SHA512

    e827da6e7e4d85e328b51a2b2c1ed4db7b0b453a5cdca066b210b58c0c8d9c912e90324f45a3682450a4ee2519806eb5295226acd7ec7d40e952ce061f350318

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\modules.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\modules.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\modules.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    50f70c0a174d92d6d6c674691b05a477

    SHA1

    8034ee667ba1429f4e059c86f71b336dc2faa3cc

    SHA256

    fbfb6c09d0557649d4872dc36637eaa8fffcc816b902631109ee9399aba05126

    SHA512

    85c6fc35364762e871f5ec8deaecf87a3f3487cd6a92299e7ecb10bc90af1beb51804a72acad46bc46c1e748e7adb119ebad6ced5a4df665942fcc3010a3f1dd

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.