Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2025, 00:31

General

  • Target

    AK-grabber-main/A5 Grabber/Components/config.json

  • Size

    976B

  • MD5

    17c98daace9d0baf81f6b9856c719c36

  • SHA1

    8797f3c08ee01ebd3156d273a751a32cd8149afb

  • SHA256

    28eb749c0057fa28835c64032e1bee33f42494168dc4d21f93383020eccc5a82

  • SHA512

    17dd9ec30682b7dbed78de8fc09e9be578ccf39d2613e8752eb82a7bf2af3b3600c94ea89114eb94473b009628ed138ecaee2ad053119e4c493492d2321290c9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AK-grabber-main\A5 Grabber\Components\config.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    17008cfc11b8284fef4c92028ed7b3c6

    SHA1

    6f6fe1b2e53c776a52c30f09be53be2518f9abc1

    SHA256

    459ec7c5cf4792fbfe9320e0695ea5fd8f653598d530297364d9a0bdf0dfce2e

    SHA512

    2b93000f080d9227b618dee7c0ecf6eebc383f20b699a34dd42cf5db8650e4a03f98313843022bc76a7e59d319d776d0273a12667330778c8a1cb947415d2d3b