Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
40s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
11/10/2022, 02:11
General
-
Target
1422ffd589ffb82792773d9d66bbaf72eb70ab555781826ba7237ed8c0cc6672.exe
-
Size
73KB
-
MD5
6059e6fc4f17e37e9e854d559eabfb70
-
SHA1
8d85fd0e7cdd27388c607d1fc002ff999b66796d
-
SHA256
1422ffd589ffb82792773d9d66bbaf72eb70ab555781826ba7237ed8c0cc6672
-
SHA512
918af8f29ba116c19ef0a680a127130540b4541d272f33fd5fe4cf30dee6a607ac12d0868f7b9b1684cd8dfa3fe06de3fe18cbbd98fcbf5d86837bbe5e4bf81f
-
SSDEEP
1536:pPL4JFziGp9kz62hE52R8pZ0Fxf/1KNZ59NKln9msMoK15MfHOUz:pgDehE52R8pSf/1KN9NKln9m15Mfn
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1422ffd589ffb82792773d9d66bbaf72eb70ab555781826ba7237ed8c0cc6672.exe"C:\Users\Admin\AppData\Local\Temp\1422ffd589ffb82792773d9d66bbaf72eb70ab555781826ba7237ed8c0cc6672.exe"1⤵
- Maps connected drives based on registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 1422ffd589ffb82792773d9d66bbaf72eb70ab555781826ba7237ed8c0cc6672.exe2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB