Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1ec850a570...73.exe

windows7-x64

3

1ec850a570...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2022, 08:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ec850a570549c3775cc48804b38ac19b9fdafa67abeaa532eee989cc9a39773.exe

  • Size

    250KB

  • MD5

    8ee7d7b83377f0f30925b208218e4a9d

  • SHA1

    76ad386232409ff107b9e00065cfb1692f9749bf

  • SHA256

    1ec850a570549c3775cc48804b38ac19b9fdafa67abeaa532eee989cc9a39773

  • SHA512

    2461c6398cde7c8e07d79b61175731ecf27a3eb839ff69ff5edd462a9fc04a4e41ef3063257320126eb2b11336f622623db36999306b4b0bb575a34cb972ae5b

  • SSDEEP

    6144:Wc0h522p3l04ZMSmIp3Uy28uhyCtFAo3j:Qhxp3lZnT9bD5o3j

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ec850a570549c3775cc48804b38ac19b9fdafa67abeaa532eee989cc9a39773.exe
    "C:\Users\Admin\AppData\Local\Temp\1ec850a570549c3775cc48804b38ac19b9fdafa67abeaa532eee989cc9a39773.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe" /s C:\Users\Admin\AppData\Local\Temp\20h2lol.reg
      2⤵
      • Runs .reg file with regedit
      PID:968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\20h2lol.reg
    Filesize

    307B

    MD5

    f7208da6784d2169b46811985d82eee7

    SHA1

    c08df227fd9cf670ad635db12efe0bf9874eaf0b

    SHA256

    db92230a95fdb9a9740228a7b1b2ce3be0328f28d92018b7dcb75d3af1e81700

    SHA512

    f4a2541c5e4937bbb606cff19f65abb9656a0c91344c105da94a86b264a4dd6623fd1424271f39bf15abf08caf0606fe17b0bea60315d54edea1c26eac7c2831

    Download Submit

  • memory/1672-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.