Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    31/01/2022, 23:49 UTC

General

  • Target

    7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe

  • Size

    25KB

  • MD5

    0790a7e0a842e1de70de194054fa11b3

  • SHA1

    4595cdd47b63a4ae256ed22590311f388bc7a2d8

  • SHA256

    7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377

  • SHA512

    0fe5bbe2a6681dde660b5ca2ebee3ae969efa0046641c991de805a83810b21176ae6cd05da1316a538929599e52db00cc4aaa4c80b11b1922429facb25d9ced9

Malware Config

Signatures

  • Sets service image path in registry (2 TTPs)
  • Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  • Modifies data under HKEY_USERS (41 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe
    "C:\Users\Admin\AppData\Local\Temp\7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe"
    1⤵
    • Sets desktop wallpaper using registry
    PID:3680
  • C:\Windows\System32\WaaSMedicAgent.exe
    C:\Windows\System32\WaaSMedicAgent.exe e20aa2587c00cce733ba76c41d39682f mQBOnEWw40ih6L2T+cOyzg.0.1.0.0.0
    1⤵
    • Modifies data under HKEY_USERS
    PID:1484

Network

  • flag-us
    DNS
    settings-win.data.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    settings-win.data.microsoft.com
    IN A
    Response
    settings-win.data.microsoft.com
    IN CNAME
    settingsfd-geo.trafficmanager.net
    settingsfd-geo.trafficmanager.net
    IN A
    52.167.17.97
  • flag-us
    DNS
    crl3.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    crl3.digicert.com
    IN A
    Response
    crl3.digicert.com
    IN CNAME
    cs9.wac.phicdn.net
    cs9.wac.phicdn.net
    IN A
    93.184.220.29
  • flag-us
    DNS
    crl4.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    crl4.digicert.com
    IN A
    Response
    crl4.digicert.com
    IN CNAME
    cs9.wac.phicdn.net
    cs9.wac.phicdn.net
    IN A
    93.184.220.29
  • flag-us
    GET
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
    Remote address:
    93.184.220.29:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: ocsp.digicert.com
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 1273
    Cache-Control: max-age=108132
    Content-Type: application/ocsp-response
    Date: Mon, 31 Jan 2022 23:50:13 GMT
    Etag: "61f77420-5e3"
    Expires: Wed, 02 Feb 2022 05:52:25 GMT
    Last-Modified: Mon, 31 Jan 2022 05:31:12 GMT
    Server: ECS (amb/6BC6)
    X-Cache: HIT
    Content-Length: 1507
  • flag-us
    GET
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
    Remote address:
    93.184.220.29:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: ocsp.digicert.com
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 6492
    Cache-Control: max-age=124147
    Content-Type: application/ocsp-response
    Date: Mon, 31 Jan 2022 23:50:14 GMT
    Etag: "61f79e4d-1d7"
    Expires: Wed, 02 Feb 2022 10:19:21 GMT
    Last-Modified: Mon, 31 Jan 2022 08:31:09 GMT
    Server: ECS (amb/6BB7)
    X-Cache: HIT
    Content-Length: 471
  • flag-us
    DNS
    crl4.digicert.com
    Remote address:
    8.8.8.8:53
    Request
    crl4.digicert.com
    IN A
    Response
    crl4.digicert.com
    IN CNAME
    cs9.wac.phicdn.net
    cs9.wac.phicdn.net
    IN A
    72.21.91.29
  • flag-us
    GET
    http://crl4.digicert.com/DigiCertGlobalRootG2.crl
    Remote address:
    72.21.91.29:80
    Request
    GET /DigiCertGlobalRootG2.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: crl4.digicert.com
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 1025
    Cache-Control: max-age=10800
    Content-Type: application/pkix-crl
    Date: Mon, 31 Jan 2022 23:51:17 GMT
    Etag: "1809790147"
    Expires: Tue, 01 Feb 2022 02:51:17 GMT
    Last-Modified: Wed, 26 Jan 2022 21:15:05 GMT
    Server: ECS (bsa/EB20)
    X-Cache: HIT
    Content-Length: 877
  • 93.184.220.29:80
    260 B
    5
  • 84.53.175.122:80
    46 B
    40 B
    1
    1
  • 84.53.175.122:80
    46 B
    40 B
    1
    1
  • 52.167.17.97:443
    settings-win.data.microsoft.com
    tls, https
    1.3kB
    8.1kB
    14
    14
  • 93.184.220.29:80
    crl3.digicert.com
    260 B
    5
  • 40.79.197.35:443
    40 B
    1
  • 52.167.17.97:443
    settings-win.data.microsoft.com
    tls, https
    2.5kB
    7.9kB
    14
    13
  • 93.184.220.29:80
    crl4.digicert.com
    260 B
    5
  • 52.167.17.97:443
    settings-win.data.microsoft.com
    tls, https
    2.0kB
    4.4kB
    12
    10
  • 52.167.17.97:443
    settings-win.data.microsoft.com
    tls, https
    1.6kB
    4.4kB
    12
    10
  • 52.167.17.97:443
    settings-win.data.microsoft.com
    tls, https
    2.0kB
    14.9kB
    16
    18
  • 93.184.220.29:80
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
    http
    466 B
    2.0kB
    5
    4

    HTTP Request

    GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D

    HTTP Response

    200
  • 93.184.220.29:80
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
    http
    466 B
    931 B
    5
    3

    HTTP Request

    GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D

    HTTP Response

    200
  • 52.184.206.73:443
    40 B
    1
  • 93.184.220.29:80
    crl4.digicert.com
    260 B
    5
  • 93.184.220.29:80
    crl4.digicert.com
    260 B
    5
  • 72.21.91.29:80
    http://crl4.digicert.com/DigiCertGlobalRootG2.crl
    http
    372 B
    1.3kB
    5
    3

    HTTP Request

    GET http://crl4.digicert.com/DigiCertGlobalRootG2.crl

    HTTP Response

    200
  • 8.8.8.8:53
    settings-win.data.microsoft.com
    dns
    77 B
    140 B
    1
    1

    DNS Request

    settings-win.data.microsoft.com

    DNS Response

    52.167.17.97

  • 8.8.8.8:53
    crl3.digicert.com
    dns
    63 B
    111 B
    1
    1

    DNS Request

    crl3.digicert.com

    DNS Response

    93.184.220.29

  • 8.8.8.8:53
    crl4.digicert.com
    dns
    63 B
    111 B
    1
    1

    DNS Request

    crl4.digicert.com

    DNS Response

    93.184.220.29

  • 8.8.8.8:53
    crl4.digicert.com
    dns
    63 B
    111 B
    1
    1

    DNS Request

    crl4.digicert.com

    DNS Response

    72.21.91.29

MITRE ATT&CK Enterprise v6