Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

75e35e879d...05.exe

windows7-x64

8

75e35e879d...05.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75e35e879da51d8026da7a766ee1472df2a135ad45c8ddb01e4d83f9c8551105.exe

  • Size

    272KB

  • MD5

    28d9838a6583d19e9bcd38a60aeb52c5

  • SHA1

    e5f6bd53821a171ce6116f9d812bc9ceac890b94

  • SHA256

    75e35e879da51d8026da7a766ee1472df2a135ad45c8ddb01e4d83f9c8551105

  • SHA512

    792a38ccdc04ea1cb5b5c8dbebc4a1f573c46103b13a3e8ac45e4bebdecdb4ac2353ffe0942db5453111e47ad28207afd55bc06835c32ffafb200fe96b4609e5

  • SSDEEP

    6144:EcWMJJhqryYP/daqlzV4GA3Fkk7rzPDCykQSt4lHl+BKg5lJXa6m:EczJJhqrVPldVzA3FB7fPDCykjC3+Ugy

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75e35e879da51d8026da7a766ee1472df2a135ad45c8ddb01e4d83f9c8551105.exe
    "C:\Users\Admin\AppData\Local\Temp\75e35e879da51d8026da7a766ee1472df2a135ad45c8ddb01e4d83f9c8551105.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Users\Admin\AppData\Local\Temp\test\test2.exe
      "C:\Users\Admin\AppData\Local\Temp\test\test2.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\test\test.ini
    Filesize

    37KB

    MD5

    ec4d34347aa8614334fc03d8f0afed73

    SHA1

    08b7573f61922874583e11eb486e4cd1dc82e1f9

    SHA256

    5149d79f6fb11c28c468d05a9a405de3433955f28164e8b0560e9d541ebfbcea

    SHA512

    5baf4a8859b0ca1231e4aa43d086a6455370efc06113e50f683a6c089b6a4c25504f319b7ab2dacaa87b92f2e51afd534200da74f0a7d5b745113cc4774c1997

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\test\test2.exe
    Filesize

    381KB

    MD5

    378628fa34638d2a8fbaa0b6270c9222

    SHA1

    ced9c9bb220bb22ffde3b4f6e8e901f299cb96e6

    SHA256

    ac2ec49d706608eab153f832c3bf285652377c6fac21b0281548982db1bcdabf

    SHA512

    b6c33a509beebad447f797ce906070ba8434bcee8c1ffe35407b5a2eecd42e47d3e85a24440b7d1109d9e055243523e438133b5562294a63d44e09f1a68a5369

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\test\test2.exe
    Filesize

    381KB

    MD5

    378628fa34638d2a8fbaa0b6270c9222

    SHA1

    ced9c9bb220bb22ffde3b4f6e8e901f299cb96e6

    SHA256

    ac2ec49d706608eab153f832c3bf285652377c6fac21b0281548982db1bcdabf

    SHA512

    b6c33a509beebad447f797ce906070ba8434bcee8c1ffe35407b5a2eecd42e47d3e85a24440b7d1109d9e055243523e438133b5562294a63d44e09f1a68a5369

    Download Submit