Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

c4e8282ef4...68.exe

windows7_x64

10

c4e8282ef4...68.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    94s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    25/06/2022, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68.exe

  • Size

    129KB

  • MD5

    67e323570213378a54e19b0ccdcf49f0

  • SHA1

    e95460434d6de33361167b935ce56c05b85250b9

  • SHA256

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

  • SHA512

    96e8dbe1fd75fac932a40bcf6fe4864596170317e37d0e93ce17877d61430e97ff9b32a7d7a178d463fcff421147e3817506d839041a067721991f3aebd3e7e4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68.exe
    "C:\Users\Admin\AppData\Local\Temp\c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Users\Admin\AppData\Local\XLoader-ExLibs\ExportLibrarys.exe
      "C:\Users\Admin\AppData\Local\XLoader-ExLibs\ExportLibrarys.exe" xrun
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\XLoader-ExLibs\ExportLibrarys.exe
    Filesize

    129KB

    MD5

    67e323570213378a54e19b0ccdcf49f0

    SHA1

    e95460434d6de33361167b935ce56c05b85250b9

    SHA256

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

    SHA512

    96e8dbe1fd75fac932a40bcf6fe4864596170317e37d0e93ce17877d61430e97ff9b32a7d7a178d463fcff421147e3817506d839041a067721991f3aebd3e7e4

    Download Submit

  • C:\Users\Admin\AppData\Local\XLoader-ExLibs\ExportLibrarys.exe
    Filesize

    129KB

    MD5

    67e323570213378a54e19b0ccdcf49f0

    SHA1

    e95460434d6de33361167b935ce56c05b85250b9

    SHA256

    c4e8282ef48e91716ace408edc83347bbce4ed299abaeae7c4100a61402eaf68

    SHA512

    96e8dbe1fd75fac932a40bcf6fe4864596170317e37d0e93ce17877d61430e97ff9b32a7d7a178d463fcff421147e3817506d839041a067721991f3aebd3e7e4

    Download Submit

  • memory/928-130-0x0000000000CA0000-0x0000000000CC6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/928-131-0x0000000005B80000-0x0000000006124000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/928-132-0x0000000005640000-0x00000000056A6000-memory.dmp

    Filesize

    408KB

    Download