Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

10

3a08e3bfec...e1.bin

windows7_x64

3

3a08e3bfec...e1.bin

windows10-2004_x64

3

Resubmissions

22/02/2022, 06:41

220222-hf9w4adfe5 10

20/01/2022, 18:55

220120-xk4cfabbe7 10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    20/01/2022, 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a08e3bfec2db5dbece359ac9662e65361a8625a0122e68b56cd5ef3aedf8ce1.bin

  • Size

    1.8MB

  • MD5

    92ed8739cfb9132c8b57016e3c071a28

  • SHA1

    362aa21546904629b28a56c9d5c4bfd3b53296f5

  • SHA256

    3a08e3bfec2db5dbece359ac9662e65361a8625a0122e68b56cd5ef3aedf8ce1

  • SHA512

    755cab9f92d9bb39b1afc890e6d220f1e9ff884bb5c9ab9a526dd7af204fa88c21d88fb2c153c28eb577a5730548dca3ad8ffa20d3b31ed3fb550fce98f7c3d3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\3a08e3bfec2db5dbece359ac9662e65361a8625a0122e68b56cd5ef3aedf8ce1.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\3a08e3bfec2db5dbece359ac9662e65361a8625a0122e68b56cd5ef3aedf8ce1.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:460
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3a08e3bfec2db5dbece359ac9662e65361a8625a0122e68b56cd5ef3aedf8ce1.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:560

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/560-63-0x0000000074B21000-0x0000000074B23000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1484-55-0x000007FEFB631000-0x000007FEFB633000-memory.dmp

    Filesize

    8KB

    Download