Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

xxx.exe

windows7_x64

8

xxx.exe

windows10_x64

10

Analysis

  • max time kernel
    125s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    29/03/2021, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xxx.exe

  • Size

    212KB

  • MD5

    af9754aa7c14005973189c09494b50af

  • SHA1

    fd4b1bdbbfc7fe46bfe3d2205641c441f796a03d

  • SHA256

    30aa50598d3a153d842f3861f66cd1a8ee754f850ee2429aa739975536b5be3a

  • SHA512

    c6fdd0b930e573d4b3d94232e2ca624c6d21bff572d237e6f3abd9d26ee0e6eb4db0e9bd1384a5961a5da6fc44d81026534a139696b3ae6688705fa52471f887

Score
8/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xxx.exe
    "C:\Users\Admin\AppData\Local\Temp\xxx.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\oyvDKUOTerep.exe
      "C:\Users\Admin\AppData\Local\Temp\oyvDKUOTerep.exe" 9 REP
      2⤵
      • Executes dropped EXE
      PID:1452
    • C:\Users\Admin\AppData\Local\Temp\GubAQYUghlan.exe
      "C:\Users\Admin\AppData\Local\Temp\GubAQYUghlan.exe" 8 LAN
      2⤵
      • Executes dropped EXE
      PID:1684
    • C:\Users\Admin\AppData\Local\Temp\HBJwRRtrQlan.exe
      "C:\Users\Admin\AppData\Local\Temp\HBJwRRtrQlan.exe" 8 LAN
      2⤵
        PID:372
      • C:\Windows\SysWOW64\icacls.exe
        icacls "D:\*" /grant Everyone:F /T /C /Q
        2⤵
        • Modifies file permissions
        PID:1368
      • C:\Windows\SysWOW64\icacls.exe
        icacls "C:\*" /grant Everyone:F /T /C /Q
        2⤵
        • Modifies file permissions
        PID:1836

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/372-24-0x0000000001D60000-0x0000000001D71000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1108-4-0x0000000035000000-0x000000003502D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1108-5-0x00000000760D1000-0x00000000760D3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1108-2-0x0000000001F50000-0x0000000001F61000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1108-3-0x0000000000220000-0x0000000000244000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1452-10-0x0000000001DF0000-0x0000000001E01000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1684-17-0x0000000001B40000-0x0000000001B51000-memory.dmp

      Filesize

      68KB

      Download