Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2024, 15:16

General

  • Target

    platforms/aix/local/4612.py

  • Size

    852B

  • MD5

    3a00f0caf3fbae527dab35d00d3b0969

  • SHA1

    3acc5284594de2898139ef60b92736cc0c504ef0

  • SHA256

    92d1deaa8456ec5292012315262c628bd315ba7e741a51212cf1f246dc054d2c

  • SHA512

    3887dee78ee5d0758da52e985003aa4b31a76d196ecb578c5fc88ca5f5d00f46f4b1134faca47f5fa9ea5c0d5d16e27809b3d1e4fc8256299b6096ec46a7f162

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies registry class (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2700
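
The process tree above is the important part of this report: the sandbox handed a .py file to cmd /c, the Windows 7 image has no handler registered for .py, so the shell fell back to the "Open with" dialog (rundll32 shell32.dll,OpenAs_RunDLL) and Adobe Reader ended up opening the script as a document. The target (a path in the layout of the old Exploit-DB archive, platforms/aix/local/) never ran as code on Windows, and every signature listed is ordinary Adobe Reader behaviour. The check below, an added example that is not tria.ge's code, parses a constructed, simplified copy of this process tree (the pid/ppid/image/cmdline JSON shape is an assumption of the example) and reports whether the submitted file actually detonated, so that a report like this one is not mistaken for a detonation. A second constructed tree shows the contrasting case where a real interpreter ran the file.

```python
"""Did the submitted script detonate, or was it just opened by a viewer?

Added example, not tria.ge's code. Input is a flat list of processes
(pid, ppid, image, cmdline); the field names are an assumption.
"""
import json
import re

# Constructed from this report's Processes section; not a raw tria.ge export.
REPORT_TREE = json.dumps([
    {"pid": 2912, "ppid": 0, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"},
    {"pid": 2692, "ppid": 2912, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
                r"C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"},
    {"pid": 2700, "ppid": 2692, "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"'},
])

# Constructed contrast case (hypothetical): the same file run by a Python interpreter.
INTERPRETER_TREE = json.dumps([
    {"pid": 100, "ppid": 0, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c python C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"},
    {"pid": 101, "ppid": 100, "image": r"C:\Python27\python.exe",
     "cmdline": r"python C:\Users\Admin\AppData\Local\Temp\platforms\aix\local\4612.py"},
])

# rundll32 shell32.dll,OpenAs_RunDLL <file> is the "Open with" dialog: the
# shell found no file association and asked which program should open it.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL", re.IGNORECASE)
# Images that would mean a .py target actually executed as code.
PY_INTERPRETERS = {"python.exe", "pythonw.exe", "py.exe"}


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _lineage(by_pid, pid):
    """Image basenames from the root ancestor down to pid (cycle-safe)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(_basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


def detonation_status(tree_json, target):
    """Summarise how `target` was handled by the processes in `tree_json`."""
    procs = json.loads(tree_json)
    by_pid = {p["pid"]: p for p in procs}
    t = target.lower()
    touching = [p for p in procs if t in p["cmdline"].lower()]
    openas = [p for p in touching if OPENAS_RE.search(p["cmdline"])]
    ran = [p for p in touching if _basename(p["image"]).lower() in PY_INTERPRETERS]
    # Whatever the "Open with" dialog spawned is the viewer that got the file.
    viewer = None
    for p in openas:
        children = [c for c in procs if c["ppid"] == p["pid"]]
        if children:
            viewer = _basename(children[0]["image"])
            break
    chain = max((_lineage(by_pid, p["pid"]) for p in touching), key=len, default=[])
    return {
        "executed": bool(ran),
        "open_with_dialog": bool(openas),
        "viewer": viewer,
        "chain": chain,
    }


def verdict(status):
    if status["executed"]:
        return "detonated: " + " > ".join(status["chain"])
    if status["open_with_dialog"]:
        return "not detonated: no handler, opened by %s (%s)" % (
            status["viewer"], " > ".join(status["chain"]))
    return "not detonated: target never reached an interpreter"


if __name__ == "__main__":
    target = r"platforms\aix\local\4612.py"
    for name, tree in (("report", REPORT_TREE), ("interpreter", INTERPRETER_TREE)):
        print(name, "->", verdict(detonation_status(tree, target)))
```

Run against the report tree the verdict is "not detonated: no handler, opened by AcroRd32.exe (cmd.exe > rundll32.exe > AcroRd32.exe)"; the 3/10 score and the Reader signatures should be read in that light. The practical fix for the submission is to run the file on a platform and with an interpreter that can actually execute it, or to wrap it in a launcher that invokes python explicitly.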

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e0d8484b14861ffe0bd15c8510da0a67

    SHA1

    28843c8d3e94b5c245fb40450b317f3c21289f00

    SHA256

    7cde2d873f357144e99648a8ee1c9c53c5fbf28cb0049a90c82a75318b27f190

    SHA512

    089ba33df31acd1737be8956441ee06879973c41c4d47825647ee651796f630592f7ae7172635e5da85cf68d33c236ca9904ef25f612293fad3012c48b18d603