Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

update.exe

windows7_x64

8

update.exe

windows10_x64

8

Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    06/01/2022, 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    update.exe

  • Size

    5.7MB

  • MD5

    9608c8b6c8d80fdc67b99edd3c53d3d2

  • SHA1

    37b11d3d7b7a1d18daafd6c63b33526860aaefe6

  • SHA256

    8c1a72991fb04dc3a8cf89605fb85150ef0e742472a0c58b8fa942a1f04877b0

  • SHA512

    4c98ff99686f2b54648c0926fbc1e92522520b11d1447a0fdf2aa11e25de2c109a0e55ae8f736404a3feed7288cb257cd57812ecdaeae41051a6ec3a0f6bfa15

Score
8/10
ransomware

Malware Config

Signatures

  • Modifies extensions of user files 12 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\update.exe
    "C:\Users\Admin\AppData\Local\Temp\update.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious behavior: EnumeratesProcesses
    PID:2480

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2480-115-0x00007FF6359D0000-0x00007FF636320000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2480-118-0x00007FF820980000-0x00007FF820982000-memory.dmp

    Filesize

    8KB

    Download