Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 11/10/2022, 13:49
Static task: static1
Behavioral task: behavioral1
  Sample: 446d8344df2d21106b51d808ec1a24a66cf282de8a584161ac5f7e86ffb7b7bf.lnk
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 446d8344df2d21106b51d808ec1a24a66cf282de8a584161ac5f7e86ffb7b7bf.lnk
  Resource: win10v2004-20220812-en
General
Target: 446d8344df2d21106b51d808ec1a24a66cf282de8a584161ac5f7e86ffb7b7bf.lnk
Size: 800B
MD5: 72191ad6fdb0a56b472342d3aac80d20
SHA1: 906fc37a695fc815e5ddda626bff407ff8261796
SHA256: 446d8344df2d21106b51d808ec1a24a66cf282de8a584161ac5f7e86ffb7b7bf
SHA512: 80727448c47de403b3c07b660eb58e2104f8686e98ff88266ed977b8f312e722f5da30e0c63ab855e71d0d9a020b0e86827bf40c7d28159b30bd982c959993c8
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process   procid_target
  PID 1048 wrote to memory of 568   1048  cmd.exe   28
  PID 1048 wrote to memory of 568   1048  cmd.exe   28
  PID 1048 wrote to memory of 568   1048  cmd.exe   28
Processes
C:\Windows\system32\cmd.exe
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\446d8344df2d21106b51d808ec1a24a66cf282de8a584161ac5f7e86ffb7b7bf.lnk
  Suspicious use of WriteProcessMemory
  PID: 1048
  C:\Windows\System32\rundll32.exe
    command line: "C:\Windows\System32\rundll32.exe" \5appa55a.ua0.p5k0fak0.pfu.kp5kku.aa0.p5k05uak.fffffk,kkkkkkkkkkkkkkk5
    PID: 568