Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
36287467283873,pdf.exe
windows7-x64
106287467283873,pdf.exe
windows10-2004-x64
10Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
3Malware Sa...danger
windows7-x64
3Malware Sa...danger
windows10-2004-x64
Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
17/11/2024, 08:04
Static task
static1
Behavioral task
behavioral1
Sample
Malware Samples/0e634c282954fed04fc11071c8e6e13f.danger
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Malware Samples/0e634c282954fed04fc11071c8e6e13f.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Malware Samples/12e90e4b70e21ee2e80f2563f43e72ab.danger
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Malware Samples/12e90e4b70e21ee2e80f2563f43e72ab.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Malware Samples/1d8789bb3b825f6119fbf8aaff2a7db2.danger
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Malware Samples/1d8789bb3b825f6119fbf8aaff2a7db2.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Malware Samples/2fe23715380e143ce8dfcd815d82a66f.danger
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Malware Samples/2fe23715380e143ce8dfcd815d82a66f.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Malware Samples/3449d1d98ec260570959636e381f0daf.danger
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
Malware Samples/3449d1d98ec260570959636e381f0daf.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Malware Samples/3608a584e78a18b8281b7da7956c38dc.danger
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Malware Samples/3608a584e78a18b8281b7da7956c38dc.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Malware Samples/3756d7ffc712e924f8f5b795a349f9ee.danger
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Malware Samples/3756d7ffc712e924f8f5b795a349f9ee.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Malware Samples/3910f5a17b016e4de8bf330d6348f211.danger
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
Malware Samples/3910f5a17b016e4de8bf330d6348f211.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
6287467283873,pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
6287467283873,pdf.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Malware Samples/4ea2ebaf57eae1cd10481a68d0bf7823.danger
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Malware Samples/4ea2ebaf57eae1cd10481a68d0bf7823.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Malware Samples/53cbbf08fc5a6fb17799813e483efedc.danger
Resource
win7-20241010-en
Behavioral task
behavioral22
Sample
Malware Samples/53cbbf08fc5a6fb17799813e483efedc.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Malware Samples/63e5798be7ba715c481aec7b2399f766.danger
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
Malware Samples/63e5798be7ba715c481aec7b2399f766.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Malware Samples/65f6dc37499e3054f0f328b27ceef4e7.danger
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Malware Samples/65f6dc37499e3054f0f328b27ceef4e7.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Malware Samples/66f36808089fee107c02503745fc19b4.danger
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Malware Samples/66f36808089fee107c02503745fc19b4.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Malware Samples/6965e9bd1d11888c3c70895b241b1834.danger
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
Malware Samples/6965e9bd1d11888c3c70895b241b1834.danger
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Malware Samples/6ad036ba93c94d6976e2d93c7a3aec6f.danger
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Malware Samples/6ad036ba93c94d6976e2d93c7a3aec6f.danger
Resource
win10v2004-20241007-en
General
-
Target
Malware Samples/3756d7ffc712e924f8f5b795a349f9ee.danger
-
Size
165KB
-
MD5
3756d7ffc712e924f8f5b795a349f9ee
-
SHA1
d86cf24c4ff4de457526084e0b1588425837f71a
-
SHA256
2278d355756398bc2771b5a1b69ce4d98aa59bcb91fc43ddcbd7e019dd18497f
-
SHA512
88fc65b8877918b577d1661b6839be4c47f8083069923e533492637941de6dfca8512825bce5447f72f6dde6bd6694df79f7ce82f3ddcc266d8b4deecc1e6aaa
-
SSDEEP
3072:wHRaUaqFh51r/SzFaSadGBrjC48+WZ/POhh+/DHRZKa12MG:wHRBaqbSzGdD48+aPOnYRZKa12T
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2720 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2720 AcroRd32.exe 2720 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2192 wrote to memory of 2592 2192 cmd.exe 31 PID 2192 wrote to memory of 2592 2192 cmd.exe 31 PID 2192 wrote to memory of 2592 2192 cmd.exe 31 PID 2592 wrote to memory of 2720 2592 rundll32.exe 32 PID 2592 wrote to memory of 2720 2592 rundll32.exe 32 PID 2592 wrote to memory of 2720 2592 rundll32.exe 32 PID 2592 wrote to memory of 2720 2592 rundll32.exe 32
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"1⤵
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2720
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD52cd82026c872a57157dfc94a6bbbfb77
SHA16fdf61415a6e8e1c18dfe8d63ec844eefeec74f8
SHA256b3942b2dccc7563b9c71a87c584c0d0e5f1def0c8d2b90646610cbc0a2189ecd
SHA512f321fddbbc046e65d016150eb55c072b8c7a9c5274b0d095a3b916d259ea0e676282a3fa25f9466a3901aad82b810549e4fbdfd6c7027487c6bd9c5b9abf2a36