Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

582a39b0ed...b8.exe

windows7-x64

8

582a39b0ed...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe

  • Size

    944KB

  • MD5

    909079e82553da2fdf74e326d3a080ae

  • SHA1

    224e59ff52dc9df06fbae1432bb51ada2311e12b

  • SHA256

    582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8

  • SHA512

    a2c93f248bf3f378174e38ac779173df4f399d7169a198d591ee6cf5d0fcfc08c28c4961b77877099f7d629d23ccb7dcbadceb7fcdc487193e41616f848db2fd

  • SSDEEP

    24576:n7abJkS1S6qy18sQBX6c+5vP5UCben8xQ:7fS1b7Cw3bCR

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe
    "C:\Users\Admin\AppData\Local\Temp\582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\program files (x86)\internet explorer\wmpscfgs.exe
      "C:\program files (x86)\internet explorer\wmpscfgs.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1708
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1424
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {E118BDCF-F22F-4B5C-9AFA-9CAC000DA63B} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1052
    • \??\c:\program files (x86)\internet explorer\wmpscfgs.exe
      "c:\program files (x86)\internet explorer\wmpscfgs.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • C:\program files (x86)\internet explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • \??\c:\program files (x86)\adobe\acrotray .exe
    Filesize

    997KB

    MD5

    be4e1fd3a6b6f4dd50aef883832ab8ff

    SHA1

    7e0794d235c09e807a3d13c7714004a9b1f6add9

    SHA256

    8070df813df2973ee4f73a659a0b1d78a16805cb742bf8254d0d1e156e11ba53

    SHA512

    af1c47de0d54f70288d5eaf1235ee4eb3ad86fabdb787da799d8497c4bef3df2f270effb10c7b53f13d3827bfd2a7e446a05b774c90e18fd41115fec92d086ea

    Download Submit

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
    Filesize

    968KB

    MD5

    76b1911a191ae92d4ef803cc1377e5ff

    SHA1

    9791c282a7db58127d9e7b163b658c48eaafdcd8

    SHA256

    bb37948404ccfdc9cc006fbbed1e86c48fe10a54d22e9e606f2e601c25ea17fc

    SHA512

    99f5745a39ed36d4f1caada1d21772e35ee8b5d3d5809dc07b3f4501d78767aee4ab55575983e70d0277bed07c4f4d07bf3c35265980fe4f9da3229c386e96a6

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    970KB

    MD5

    a85e69a05e8cfe24c8e57611fb60b827

    SHA1

    1600675009e591e8ec952338f3fe2b667dc04cf1

    SHA256

    2179196f4e2876a4f39180c5764b52b960240a2e87133756f118977585c0bed4

    SHA512

    6977b29d9543810bddc964a61d270df7552027e2a07d63263526487314983972e3e3506f4d01c83b7605c6c5178d38e0fa182875b43d215722daf43988a5889c

    Download Submit

  • memory/1736-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1736-55-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download