Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

76113e73d1...0d.exe

windows7-x64

7

76113e73d1...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2022, 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76113e73d1771e0d04079aeb3d4a22430f147eb8a4e1b0348868627aa132aa0d.exe

  • Size

    557KB

  • MD5

    471d98cc33aeabab284c46d00785f09b

  • SHA1

    d20f1c6377d1b5afbd3fabbd65d9fb89cb552892

  • SHA256

    76113e73d1771e0d04079aeb3d4a22430f147eb8a4e1b0348868627aa132aa0d

  • SHA512

    cc3a97a3e28906549627ad8f05c75164df69bafc07bc607117366c9f1c1bc689deec9b5a388d89f900f807e26001bceb59b0c1d1da1bddf5ef9282b59c1ffe78

  • SSDEEP

    12288:rmt6xZkS36we353iu59K9KoP0G2FIz7O7L6jGSH:Kt6xKS36z53PPK9uUz7O7GH

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\76113e73d1771e0d04079aeb3d4a22430f147eb8a4e1b0348868627aa132aa0d.exe
    "C:\Users\Admin\AppData\Local\Temp\76113e73d1771e0d04079aeb3d4a22430f147eb8a4e1b0348868627aa132aa0d.exe"
    1⤵
    • Loads dropped DLL
    PID:1900

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy26A5.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    786110d3394edf4bb5c14e3e9a49f9e6

    SHA1

    4adf64a5999a1a41870fedefba22f67840f36f3a

    SHA256

    3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

    SHA512

    e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy26A5.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    bb3707e7614a444b799d3842bf34b31b

    SHA1

    e4b75748e417b8a7be3a199150f4338f9d883cca

    SHA256

    098a384cb4c14b9639db4f4f113426d2a91d170a2affca3e6ecbe57b18d86c38

    SHA512

    728e7d2a7a555228f24f04829099e5f266f8e3b2f91bc44181c0d08425de158d4c1d61a25c1914bdf0ade43377462169a23b311f7cd110a1e4a07bc781ff25e4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy26A5.tmp\UAC.dll
    Filesize

    18KB

    MD5

    113c5f02686d865bc9e8332350274fd1

    SHA1

    4fa4414666f8091e327adb4d81a98a0d6e2e254a

    SHA256

    0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

    SHA512

    e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

    Download Submit

  • memory/1900-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

    Filesize

    8KB

    Download