Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

01/05/2022, 18:25

220501-w2v7qaadhl 10

01/05/2022, 18:22

220501-wz279adge8 10

Analysis

  • max time kernel
    76s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01/05/2022, 18:25

General

  • Target

    decrypt-decrypters/Decrypter.exe

  • Size

    218KB

  • MD5

    97f3854d27d9f5d8f9b15818237894d5

  • SHA1

    e608608d59708ef58102a3938d9117fa864942d9

  • SHA256

    fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2

  • SHA512

    25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696

Malware Config

Signatures

  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 33 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\decrypt-decrypters\Decrypter.exe
    "C:\Users\Admin\AppData\Local\Temp\decrypt-decrypters\Decrypter.exe"
    1⤵
    • Modifies extensions of user files
    • Drops startup file
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:804

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/804-130-0x0000000000300000-0x000000000033C000-memory.dmp

    Filesize

    240KB

  • memory/804-131-0x00007FF922CA0000-0x00007FF923761000-memory.dmp

    Filesize

    10.8MB