Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
104s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
05/10/2022, 13:59
General
-
Target
TQMCenter.tlg
-
Size
6KB
-
MD5
689542b1928afe12f93496b1f7b8378f
-
SHA1
b7b01ba3dc85beadc5d7732016dc3c5949baa643
-
SHA256
e840901b53505d51eb20ec20081701a5b6c72e787a83e0f0bfdbe018ff2e9765
-
SHA512
86c32fa228c37532dc34131d60657026a4ac96183f798f49977716af69f659f534dfdfad57940e615e9e8e35ba887fa9e418886394ae020516cfd124ba9e4799
-
SSDEEP
48:X/DPrrd8ub6cfSyjZr72E121PIg0gkklVO1cJwtDD5Nme0GZADlNXRDlGgZUjc:mISsZrxZggal+PiX6gSc
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 29 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\TQMCenter.tlg1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\TQMCenter.tlg"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵