
Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/11/2024, 08:04 UTC

General

  • Target

    Malware Samples/3756d7ffc712e924f8f5b795a349f9ee.danger

  • Size

    165KB

  • MD5

    3756d7ffc712e924f8f5b795a349f9ee

  • SHA1

    d86cf24c4ff4de457526084e0b1588425837f71a

  • SHA256

    2278d355756398bc2771b5a1b69ce4d98aa59bcb91fc43ddcbd7e019dd18497f

  • SHA512

    88fc65b8877918b577d1661b6839be4c47f8083069923e533492637941de6dfca8512825bce5447f72f6dde6bd6694df79f7ce82f3ddcc266d8b4deecc1e6aaa

  • SSDEEP

    3072:wHRaUaqFh51r/SzFaSadGBrjC48+WZ/POhh+/DHRZKa12MG:wHRBaqbSzGdD48+aPOnYRZKa12T

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2720
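The tree above shows the sample being launched by cmd.exe under an unregistered extension (.danger), which makes the shell fall back to rundll32 shell32.dll,OpenAs_RunDLL (the "Open With" dialog); the handler that then opened the file was Adobe Reader 9, and the three behavioural signatures on this report all fire inside that AcroRd32.exe process (PID 2720), while the only written file is Reader's own SharedDataEvents under AppData\Roaming\Adobe. A practitioner should therefore read the 3/10 score as the viewer starting up rather than the sample executing on its own terms, and resubmit with the extension that matches the file's real format. The helper below is an added example, not part of tria.ge or of this report; it reconstructs the OpenAs_RunDLL chain from a process log and attributes the fired signatures to the handler application versus the launcher. The process tuples and the per-PID signature map are constructed from the Processes and Signatures sections of this page, and the function names are the author's own.

```python
"""Triage helper: spot a sample that ran through the Windows "Open With" path
(rundll32 shell32.dll,OpenAs_RunDLL) and attribute sandbox signatures to the
handler application that the dialog chose. Added example; not tria.ge code."""
import ntpath
import re

# Constructed from this report's Processes section: (pid, parent_pid, image, command line).
PROCESS_LOG = [
    (2192, None, r"C:\Windows\system32\cmd.exe",
     r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"'),
    (2592, 2192, r"C:\Windows\system32\rundll32.exe",
     r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger'),
    (2720, 2592, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Malware Samples\3756d7ffc712e924f8f5b795a349f9ee.danger"'),
]

# Constructed from this report's per-process signature list.
SIGNATURES = {
    2192: ["Suspicious use of WriteProcessMemory"],
    2592: ["Modifies registry class", "Suspicious use of WriteProcessMemory"],
    2720: ["System Location Discovery: System Language Discovery",
           "Suspicious behavior: GetForegroundWindowSpam",
           "Suspicious use of SetWindowsHookEx"],
}

# The export name is fixed by shell32.dll; everything after it is the file being opened.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(?P<target>.+?)\s*$", re.IGNORECASE)


def build_children(log):
    """Map parent pid -> list of child records, so the tree can be walked downwards."""
    children = {}
    for rec in log:
        children.setdefault(rec[1], []).append(rec)
    return children


def find_openas_chains(log):
    """Return one dict per OpenAs_RunDLL launch: who launched it, what file it was
    asked to open, and which process(es) the dialog handed the file to."""
    by_pid = {rec[0]: rec for rec in log}
    children = build_children(log)
    chains = []
    for pid, ppid, image, cmd in log:
        match = OPENAS_RE.search(cmd)
        if not match or not image.lower().endswith("rundll32.exe"):
            continue
        target = match.group("target").strip().strip('"')
        chains.append({
            "launcher_pid": ppid,
            "launcher_image": by_pid[ppid][2] if ppid in by_pid else None,
            "openas_pid": pid,
            "target": target,
            # ntpath handles the backslash path correctly even on a non-Windows host.
            "extension": ntpath.splitext(target)[1].lower(),
            "handlers": [(c[0], c[2]) for c in children.get(pid, [])],
        })
    return chains


def attribute_signatures(chain, signatures):
    """Split fired signatures into those raised inside the handler application the
    dialog chose and those raised by the launcher / OpenAs processes themselves."""
    handler_pids = {pid for pid, _ in chain["handlers"]}
    in_handler, elsewhere = [], []
    for pid, sigs in signatures.items():
        (in_handler if pid in handler_pids else elsewhere).extend(sigs)
    return {"in_handler": in_handler, "elsewhere": elsewhere}


def triage_notes(log, signatures):
    """One human-readable note per Open With chain found in the log."""
    notes = []
    for chain in find_openas_chains(log):
        attr = attribute_signatures(chain, signatures)
        handlers = ", ".join(ntpath.basename(img) for _, img in chain["handlers"]) or "none"
        notes.append(
            f"'{chain['extension']}' had no registered handler on the VM; the shell fell back to "
            f"OpenAs_RunDLL and the file was opened by: {handlers}. "
            f"{len(attr['in_handler'])} signature(s) fired inside the handler, "
            f"{len(attr['elsewhere'])} elsewhere. Resubmit with the extension matching the real format."
        )
    return notes


if __name__ == "__main__":
    for note in triage_notes(PROCESS_LOG, SIGNATURES):
        print(note)
```

On a real Sysmon or EDR feed the same logic applies to Event ID 1 records keyed on ProcessId / ParentProcessId; the OpenAs_RunDLL command line is the reliable pivot, and any child of that rundll32 is the application the user (or the sandbox) picked, not a process the sample spawned.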

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2cd82026c872a57157dfc94a6bbbfb77

    SHA1

    6fdf61415a6e8e1c18dfe8d63ec844eefeec74f8

    SHA256

    b3942b2dccc7563b9c71a87c584c0d0e5f1def0c8d2b90646610cbc0a2189ecd

    SHA512

    f321fddbbc046e65d016150eb55c072b8c7a9c5274b0d095a3b916d259ea0e676282a3fa25f9466a3901aad82b810549e4fbdfd6c7027487c6bd9c5b9abf2a36
