Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2022, 00:37

General

  • Target

    8cd633a558dfc1546a252ce597e95659219f02d53c0d1e4d17eedd4905706089.exe

  • Size

    228KB

  • MD5

    6c38bb5f7bdeb6ef00c72da4762ad430

  • SHA1

    560fc39783b4df2a828616db87b53187644822f5

  • SHA256

    8cd633a558dfc1546a252ce597e95659219f02d53c0d1e4d17eedd4905706089

  • SHA512

    4b185e9ef3f39cb8bd378884987686eb9ef1a25616b7d0469120ed1b4245bf4767d5d5f42b3c05f571e6b08f9791ff72aa38ef74f5b0c455845b23cd151e2ce5

  • SSDEEP

    3072:ug4ixi5UYJVFV5eDQHsuvNA05Vqtto24VmcZMUuXi46qndeAxIbYpu0:T83JrLeDQHr+uV0to24VmlUuSvqEK

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cd633a558dfc1546a252ce597e95659219f02d53c0d1e4d17eedd4905706089.exe
    "C:\Users\Admin\AppData\Local\Temp\8cd633a558dfc1546a252ce597e95659219f02d53c0d1e4d17eedd4905706089.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Users\Admin\dmtaus.exe
      "C:\Users\Admin\dmtaus.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1020

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\dmtaus.exe

    Filesize

    228KB

    MD5

    1167b82caee5171d7c565282ca230e10

    SHA1

    cb846a9841296d960a65d748970ebcd22f71e0b9

    SHA256

    bfcb563feff90f2a31baf260d6c596206a20f970f2c948df2593dc49a19f9ae3

    SHA512

    131f19c8c3095c44d0d71dcecf32490e2f39966135df77eb1fe4d6bbc1302989bf6143349c25abaecc924b7576c1371c8ccb66e1538dc206fb529820bdd42003

  • \Users\Admin\dmtaus.exe

    Filesize

    228KB

    MD5

    1167b82caee5171d7c565282ca230e10

    SHA1

    cb846a9841296d960a65d748970ebcd22f71e0b9

    SHA256

    bfcb563feff90f2a31baf260d6c596206a20f970f2c948df2593dc49a19f9ae3

    SHA512

    131f19c8c3095c44d0d71dcecf32490e2f39966135df77eb1fe4d6bbc1302989bf6143349c25abaecc924b7576c1371c8ccb66e1538dc206fb529820bdd42003

  • memory/1932-56-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB