Analysis
-
max time kernel
42s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
08/10/2022, 22:34
Static task
static1
Behavioral task
behavioral1
Sample
75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
Resource
win10v2004-20220812-en
General
-
Target
75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
-
Size
2.3MB
-
MD5
313f09780a2ad45f5a7f7eb5cd3bc74a
-
SHA1
dc162675599bc6613b0cde34203f59ee9ebac1db
-
SHA256
75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42
-
SHA512
797ad380df4e9add6ef3043dca8d64cf09a4c7256139378dfb62dcffa6176ddbe4630c4c1ac8860fee9bff1d62c59dc20f53d0cbd96469ed4a4d478e18459004
-
SSDEEP
49152:ueDEAqF5rR6iU9yzhDs/ioe3ugjNAYo/xQvF1XWbtKGY6FammuGpNTgFKlcOShch:ueDEAqF5rR6iU9yzRs/ioe3ugjNAYGiV
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
1888 Bat_To_Exe_Converter_(x32).exe
-
resource yara_rule
behavioral1/files/0x000b0000000122cd-55.dat upx
behavioral1/files/0x000b0000000122cd-56.dat upx
behavioral1/files/0x000b0000000122cd-59.dat upx
behavioral1/files/0x000b0000000122cd-58.dat upx
behavioral1/files/0x000b0000000122cd-57.dat upx
behavioral1/files/0x000b0000000122cd-61.dat upx
behavioral1/memory/1888-65-0x0000000000400000-0x0000000000742000-memory.dmp upx
behavioral1/memory/1888-69-0x0000000000400000-0x0000000000742000-memory.dmp upx
-
Loads dropped DLL 6 IoCs
pid Process
1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
1888 Bat_To_Exe_Converter_(x32).exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1648 wrote to memory of 1888 1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe 28
PID 1648 wrote to memory of 1888 1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe 28
PID 1648 wrote to memory of 1888 1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe 28
PID 1648 wrote to memory of 1888 1648 75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe
"C:\Users\Admin\AppData\Local\Temp\75e10cadf357f35c9cb9095ce78354b25237338cd21877d34770e2c9d3780a42.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1648
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Bat_To_Exe_Converter_(x32).exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Bat_To_Exe_Converter_(x32).exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1888
-
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
1.8MB
MD5
4229d83b56553a234b5141fa43464f61
SHA1
d4af1ffc18d9f64d24902a917f5b5a2513c3d85a
SHA256
6d0db8805dde63767573ec5453f344c10cfa62762908694410da2c781d059969
SHA512
9056017089a2c82118b184e7b235ab60bfac5b6a766a372ccfc9f042422ab23ee3b32b369434ed1631c2790a3d455ad72665af748ea41723c09a0bbad46625e8
-
Filesize
478B
MD5
2ecfdc8c69ab074112c3447a08e7735c
SHA1
c662820fcef61542dda2b5f2e83260b29a88f338
SHA256
604c7adfa98f4f81e6700d0b3811bc84b191e3c584d31d8cdb4261b93a5121f1
SHA512
3fb7d7cc81b3d6290b3071e91db9dc783489b85a893ad689277783ded2bba8a2f4608c17310166348e97458277ee79efdec2509b7822d76df89c467d2aaccee2
-
Filesize
399KB
MD5
9092cc0fa27603c620df12b58c4c89df
SHA1
7b2e36fcf71aa8e20c3006a1ec001d50503a66e7
SHA256
6468cdf465b47c64ec621f548fff5e32ca24e21f50a331a17014f68006b12f0e
SHA512
a5a0d023cd06cc3b398b6929dfefb345d1ead3de54728b916e2c1c6a492a34ef610a0eedb55864b6f3d6f98fde2273223b4496a5a27b1b3ba87ba0baa6138419