Analysis
- max time kernel: 95s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2022, 07:09
Static task
- static1

Behavioral tasks
- behavioral1: sample Ažuriranje_transakcije.iso, resource win7-20220812-en
- behavioral2: sample Ažuriranje_transakcije.iso, resource win10-20220812-en
- behavioral3: sample Ažuriranje_transakcije.iso, resource win10v2004-20220812-en
- behavioral4: sample CHETOPOD.exe, resource win7-20220901-en
- behavioral5: sample CHETOPOD.exe, resource win10-20220812-en
- behavioral6: sample CHETOPOD.exe, resource win10v2004-20220812-en
General
- Target: Ažuriranje_transakcije.iso
- Size: 1.2MB
- MD5: 2775cf71cabb89e2befce8e9553b5cd5
- SHA1: 6184e34d22794abcf70a8a2319a4abccfd8986e2
- SHA256: f22d1ad6c3389e91374dc113c008381fd66e5b1303815a10860a750204e14b19
- SHA512: 682ca968874d8feeee272ee5e81932d040d2bcdf2c7e25b3ec64c990192919473afd5c69be371dda353cf2e3a7d402302c207093c122945f43835dad1eb85e65
- SSDEEP: 6144:ZUj/w6e6+p2897x6q+EYzYXMbKQ9vgdPED60JFtHYh2KOWZ5N:ZqVe6s9FP+aXMezEVTYh2KVZ
Malware Config
(none)

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

- Modifies registry class (1 IoCs)
  description   ioc                                                                                  Process
  Key created   \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings   cmd.exe

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                      pid    Process
  Token: SeManageVolumePrivilege   2348   cmd.exe
  Token: SeManageVolumePrivilege   2348   cmd.exe