Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
19/09/2022, 07:48
General
-
Target
2b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c.exe
-
Size
706KB
-
MD5
3ac3494886b2df27ae6acebb36bb5ed5
-
SHA1
5fce26a566de4c07ebb4374b8f7c963b3f12b783
-
SHA256
2b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c
-
SHA512
8c824b689b9f8c624edb2d5807ad2d552ae3a9a642895183a5a1acf0ad52ac2b8bdfec5aa036e51a0062a1b4a31fe7f604a1bd9be6950355ecd3a2981034e381
-
SSDEEP
12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGspEAsekFS37t9lOqa:gpQ/6trYlvYPK+lqD73TeGsp1gFCXi
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c.exe"C:\Users\Admin\AppData\Local\Temp\2b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c.exe"1⤵
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\ScrBlaze.scr"C:\Windows\ScrBlaze.scr" /S2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1a41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\ScrBlaze.scrC:\Windows\ScrBlaze.scr /s1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74B
MD54644ce10fe704c3b38aab171d8ffd2b3
SHA14dfb113885dac8b1e13967ad3352f5f0be5a2512
SHA2564c5130a10da64fc3f21107e24d2287d6fcc89ad35675b8c1e133c90de34f9f21
SHA5121a3e9f366832e373fa41bfcb66f172d6352faa15e3fabb2b77265e5ce09479f71ba1789b5995029e7d533bc207852484ceb31276df40c0beb8d892b068c78940
-
Filesize
706KB
MD53ac3494886b2df27ae6acebb36bb5ed5
SHA15fce26a566de4c07ebb4374b8f7c963b3f12b783
SHA2562b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c
SHA5128c824b689b9f8c624edb2d5807ad2d552ae3a9a642895183a5a1acf0ad52ac2b8bdfec5aa036e51a0062a1b4a31fe7f604a1bd9be6950355ecd3a2981034e381
-
Filesize
706KB
MD53ac3494886b2df27ae6acebb36bb5ed5
SHA15fce26a566de4c07ebb4374b8f7c963b3f12b783
SHA2562b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c
SHA5128c824b689b9f8c624edb2d5807ad2d552ae3a9a642895183a5a1acf0ad52ac2b8bdfec5aa036e51a0062a1b4a31fe7f604a1bd9be6950355ecd3a2981034e381
-
Filesize
706KB
MD53ac3494886b2df27ae6acebb36bb5ed5
SHA15fce26a566de4c07ebb4374b8f7c963b3f12b783
SHA2562b174addd6e130d66559c95210340cf00114ff083f0477c3a87d3ec4aa9cbf0c
SHA5128c824b689b9f8c624edb2d5807ad2d552ae3a9a642895183a5a1acf0ad52ac2b8bdfec5aa036e51a0062a1b4a31fe7f604a1bd9be6950355ecd3a2981034e381
-
Filesize
911B
MD5b707b07b0c8d0f3f0e6f0bade078330b
SHA15421c81a29c816175a6c9676e0291427ccdb0999
SHA2564f207107052f7a6c0488e136ca8f3bc40217be66285493270c7c6a843baa9a71
SHA512ed027eeedcb3257940d235fa4a9ed21e43d5676109d608558617913e7a869f3c1a1a0e811d469232457db21e1764db6969d6c8d3970c1a2dc87155fa4b7785c4
-
Filesize
8KB