Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

022e3c30a1...66.exe

windows10_x64

10

4d27dca0a1...ef.exe

windows10_x64

10

578a3a7a2b...b3.exe

windows10_x64

10

9c4880a98c...82.exe

windows10_x64

10

a1dad4a83d...c4.exe

windows10_x64

10

acf1b7d80f...e0.exe

windows10_x64

10

cbf31d825a...d2.exe

windows10_x64

10

db76a117db...12.exe

windows10_x64

10

e2ffb8aeeb...f6.exe

windows10_x64

7

f2196668f4...cb.exe

windows10_x64

10

Resubmissions

10/11/2021, 14:50

211110-r7nbvaeddr 10

08/11/2021, 16:12

211108-tnmmbahgaj 10

08/11/2021, 15:26

211108-svdsbaccf6 10

08/11/2021, 14:48

211108-r6lfvshdfn 10

Analysis

  • max time kernel
    1190s
  • max time network
    838s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    08/11/2021, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s UserManager
    1⤵
      PID:1356
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s BITS
      1⤵
      • Suspicious use of SetThreadContext
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:592
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k SystemNetworkService
        2⤵
        • Drops file in System32 directory
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1164
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s Browser
      1⤵
        PID:2952
      • c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s WpnService
        1⤵
          PID:2620
        • c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
          1⤵
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2608
          • C:\Windows\system32\wbem\WMIADAP.EXE
            wmiadap.exe /F /T /R
            2⤵
              PID:3676
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2480
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
            1⤵
              PID:2452
            • c:\windows\system32\svchost.exe
              c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
              1⤵
                PID:1852
              • c:\windows\system32\svchost.exe
                c:\windows\system32\svchost.exe -k netsvcs -s SENS
                1⤵
                  PID:1300
                • c:\windows\system32\svchost.exe
                  c:\windows\system32\svchost.exe -k netsvcs -s Themes
                  1⤵
                    PID:1156
                  • c:\windows\system32\svchost.exe
                    c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
                    1⤵
                      PID:1112
                    • c:\windows\system32\svchost.exe
                      c:\windows\system32\svchost.exe -k netsvcs -s Schedule
                      1⤵
                        PID:1036
                      • c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k netsvcs -s gpsvc
                        1⤵
                          PID:1008
                        • C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe
                          "C:\Users\Admin\AppData\Local\Temp\e2ffb8aeeb869fbb3de97b95b0c5c9cf2234d85612ba111115a938c89e4d94f6.exe"
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:3668
                          • C:\Windows\SysWOW64\rundll32.exe
                            "C:\Windows\System32\rundll32.exe" sqlite.dll,global
                            2⤵
                            • Loads dropped DLL
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:3032

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • memory/592-174-0x0000025473DD0000-0x0000025473DD4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-173-0x0000025473DD0000-0x0000025473DD1000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/592-122-0x0000025473D60000-0x0000025473D62000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/592-121-0x0000025473D60000-0x0000025473D62000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/592-172-0x0000025473DE0000-0x0000025473DE4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-176-0x0000025473CF0000-0x0000025473CF4000-memory.dmp

                          Filesize

                          16KB

                          Download

                        • memory/592-139-0x0000025474100000-0x0000025474172000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/592-137-0x0000025473D80000-0x0000025473DCD000-memory.dmp

                          Filesize

                          308KB

                          Download

                        • memory/1008-190-0x0000023FC49C0000-0x0000023FC4A32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1008-178-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-128-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1008-146-0x0000023FC4940000-0x0000023FC49B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1008-127-0x0000023FC3E90000-0x0000023FC3E92000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-182-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-143-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-147-0x000001F993600000-0x000001F993672000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1036-145-0x000001F992C20000-0x000001F992C22000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1036-194-0x000001F993680000-0x000001F9936F2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1112-142-0x000002023CA50000-0x000002023CAC2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1112-140-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-138-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-181-0x000002023C1F0000-0x000002023C1F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1112-193-0x000002023CC00000-0x000002023CC72000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1156-153-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1156-197-0x0000027CDB340000-0x0000027CDB3B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1156-185-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1156-154-0x0000027CDA5B0000-0x0000027CDA5B2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1156-163-0x0000027CDAE80000-0x0000027CDAEF2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1164-126-0x000001A3846C0000-0x000001A3846C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1164-170-0x000001A387000000-0x000001A387105000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1164-144-0x000001A384870000-0x000001A3848E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1164-129-0x000001A3846C0000-0x000001A3846C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1164-168-0x000001A3846C0000-0x000001A3846C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1164-169-0x000001A386120000-0x000001A38613B000-memory.dmp

                          Filesize

                          108KB

                          Download

                        • memory/1164-167-0x000001A3846C0000-0x000001A3846C2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-148-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-183-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-195-0x000001CC89880000-0x000001CC898F2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1300-150-0x000001CC89290000-0x000001CC89292000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1300-161-0x000001CC89800000-0x000001CC89872000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1356-155-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-156-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-186-0x000002984EC40000-0x000002984EC42000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1356-198-0x000002984F930000-0x000002984F9A2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1356-164-0x000002984F570000-0x000002984F5E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-152-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-162-0x0000024700D40000-0x0000024700DB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-196-0x0000024700DC0000-0x0000024700E32000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/1852-184-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/1852-151-0x00000247001A0000-0x00000247001A2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-131-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-179-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-130-0x00000294F4750000-0x00000294F4752000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2452-191-0x00000294F56B0000-0x00000294F5722000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2452-149-0x00000294F5020000-0x00000294F5092000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2480-135-0x000002D31BA10000-0x000002D31BA82000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2480-132-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2480-180-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2480-192-0x000002D31BB30000-0x000002D31BBA2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2480-133-0x000002D31B250000-0x000002D31B252000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-187-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-199-0x000001E4DDB40000-0x000001E4DDBB2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2608-165-0x000001E4DD340000-0x000001E4DD3B2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2608-158-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2608-157-0x000001E4DC910000-0x000001E4DC912000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-159-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-160-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-200-0x00000165F82A0000-0x00000165F8312000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2620-188-0x00000165F76F0000-0x00000165F76F2000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2620-166-0x00000165F7E70000-0x00000165F7EE2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2952-123-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2952-189-0x0000023AEDC30000-0x0000023AEDCA2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2952-125-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/2952-141-0x0000023AED870000-0x0000023AED8E2000-memory.dmp

                          Filesize

                          456KB

                          Download

                        • memory/2952-177-0x0000023AECE00000-0x0000023AECE02000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/3032-134-0x0000000004A77000-0x0000000004B78000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/3032-136-0x00000000049E0000-0x0000000004A3D000-memory.dmp

                          Filesize

                          372KB

                          Download

                        • memory/3668-115-0x0000000000820000-0x0000000000821000-memory.dmp

                          Filesize

                          4KB

                          Download

                        • memory/3668-116-0x0000000000820000-0x0000000000821000-memory.dmp

                          Filesize

                          4KB

                          Download