Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

805996ea2a...04.exe

windows7-x64

7

805996ea2a...04.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    805996ea2acc0bbde8caeccf56129913c0819f6dd07242b073b4c7d69225ae04.exe

  • Size

    32KB

  • MD5

    36c26cf4c376eee2e9970c65a6bd82c1

  • SHA1

    e8eaa54b31c1853410e6eb8a2a4e839d6d72d4c7

  • SHA256

    805996ea2acc0bbde8caeccf56129913c0819f6dd07242b073b4c7d69225ae04

  • SHA512

    6d2b86636a43e21d9952040208607b116cf455aca222d352f1caf3ced41d01d48ab2979c41e3764b6645339775b54f9967942d76e43a1422785a3a4671acea1c

  • SSDEEP

    192:p/33z1rWSUcVKbCBpLg1GqPQUS2b3z3ZuizSmiZBL/YfwDLXkUKfoa2hTbP4oynz:x7UcIbHDZxzSRLbHXvKfoa2d43KZZIl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 46 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\805996ea2acc0bbde8caeccf56129913c0819f6dd07242b073b4c7d69225ae04.exe
    "C:\Users\Admin\AppData\Local\Temp\805996ea2acc0bbde8caeccf56129913c0819f6dd07242b073b4c7d69225ae04.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\ydlem.bat
      2⤵
      • Deletes itself
      PID:1128

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ydlem.bat
    Filesize

    516B

    MD5

    cb62715271b4289c4a56a0aa2c6dbd89

    SHA1

    3580fea473e727739070f580c5836b170b0da25d

    SHA256

    bd85007dd7d8edb274b0487bccda194891e033e856d7988e44c2e477d6c37b18

    SHA512

    1a9752d8ef1ae2a684813ea94225497e0ff03ac70315853338a3e331ce29e681f32897c9682b996d7c18851f6f92a07df829a5630f085279feba3fc07ffc5dee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ydlem.tmp
    Filesize

    32KB

    MD5

    f7b53b875beb48ffc530f862d63fe74b

    SHA1

    8887b2301ef4435e1ace7924d2b17358d10ad24c

    SHA256

    5fe53dd0d48d193c13dc5856c3c1251aa87bc9c503775fe3f355ce3bd78cb994

    SHA512

    02fe7e7b70e7e20cfc9081c286514110fe0abf85955a65cac227cd21872658cb7f98d1791f6bd4ae3ca9086854dd2a58277782a624a8ae362f38bb6e4059926c

    Download Submit

  • memory/1676-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download