Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
17/10/2022, 18:13
Static task
static1
Behavioral task
behavioral1
Sample
edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
Resource
win10v2004-20220901-en
General
-
Target
edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
-
Size
1.7MB
-
MD5
116845a0bc1d542a6f69c75f015241c8
-
SHA1
848c4432871c19aaa4f02fde0f38b79b04f64da2
-
SHA256
edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955
-
SHA512
0c19baf380e2ce45df3d3b80c6509e23db7987949b60ec1900dc6e6b99ee936936fdc63864e52921bd2305d3e3b844cf0c3c7c2dae2287ce804f42e47921cd9d
-
SSDEEP
49152:35rk8qq0lcyVlgoRdLbD5Zs9RulvabBsZVbYRKw:3aqroRdLxlibBsZ2RT
Malware Config
Signatures
-
Loads dropped DLL 3 IoCs
pid Process 4896 edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe 4896 edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe 4896 edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4896 edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 4896 edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe"C:\Users\Admin\AppData\Local\Temp\edc192d7f9863167968350c73b78bdf1eb2ebced2d5a77230121c6e1d99b1955.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4896
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5b540a866191f7fd20f5e6355bc2b094e
SHA1df01a0c011e88a1f860db41d474d3fe893f06082
SHA256ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6
SHA512e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331
-
Filesize
1.3MB
MD5b540a866191f7fd20f5e6355bc2b094e
SHA1df01a0c011e88a1f860db41d474d3fe893f06082
SHA256ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6
SHA512e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331
-
Filesize
2.5MB
MD52f18f1a6ba6697055490f30b217cde76
SHA1d9bfcbeb071cfa067a3a9bb8dc32fa32b4f9954b
SHA25659b13be9b563fabbe3ec1f8d756f3b16f384b9ae3cf2e89d7dbc813461c75645
SHA51295cfe56d60ba573667bf41111da2ab2a95c1daca3fbcdf175e0b3cf80f8f33b097ff64473e4c1a2504cfab475bf0dbff1f33675e86fcf114463fa4edd10ff362