Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

Justifican...ia.exe

windows7-x64

7

Justifican...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2022, 13:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Justificante de Transferencia.exe

  • Size

    676KB

  • MD5

    c7c3c92c0fe1327364cec3b07a2ea67b

  • SHA1

    b6ae46a2eeb1f358dd002c079e94535c6a90f06a

  • SHA256

    16e30f56cbf8e2589921e72f91f38f5a58dc34f08cbbee9a8f30a1217bad7d9c

  • SHA512

    d1abb90f5ba7bc7d5941800aecc0420cadd813e60e8a9bcadff434eda7a7dc0690b29a99b84b1f84544a914485bdff006c07b71a6cdb80885cdaed9105737c91

  • SSDEEP

    12288:vGqOASmlww9hVnMXuKQd0j7Mkqyspq8/DcioEXI5j0Kkmd:eqOASmlww9hVnxvd0vPqf7FfXIlPd

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Justificante de Transferencia.exe
    "C:\Users\Admin\AppData\Local\Temp\Justificante de Transferencia.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    PID:4960

Network

    No results found
  • 66.39.31.19:443
    tls
    92 B
     142 B
     2
    2
  • 93.184.221.240:80
    322 B
     7
  • 20.189.173.1:443
    322 B
     7
  • 87.248.202.1:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoC559.tmp\System.dll
    Filesize

    11KB

    MD5

    ca332bb753b0775d5e806e236ddcec55

    SHA1

    f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    SHA256

    df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    SHA512

    2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    Download Submit

  • memory/4960-133-0x0000000004570000-0x0000000004671000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4960-134-0x0000000004570000-0x0000000004671000-memory.dmp

    Filesize

    1.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.