Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

38532011b5...e7.exe

windows7-x64

7

38532011b5...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe

  • Size

    295KB

  • MD5

    91e2443a602bf99accecf6e13c04ff50

  • SHA1

    4516b0b4377a2f8e59d49f3accc9eb2bed0d8271

  • SHA256

    38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7

  • SHA512

    f6dddafbe2ad2ae1a71422b1e0471a635a68f36ec4f934b7a74d72a6b6addaed0ea74e33a276e4dada4a1f4e29f7d756ddde667c4f93a1a56101fe24bbf8f112

  • SSDEEP

    6144:VQ6Yd0LZbZhY2U1FCDvzqQy/yvnSV+1hSDh8rkcMgJHK35ITm:VQMZbZhYiDucaV+1h6LcoJ7

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe
    "C:\Users\Admin\AppData\Local\Temp\38532011b53a8b1f39c77576ba187e53abf72e8b2c3cae0a40db7030d027a2e7.exe"
    1⤵
    • Drops startup file
    • Drops file in Windows directory
    PID:1824

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1824-132-0x00000000050C0000-0x00000000050EF000-memory.dmp

    Filesize

    188KB

    Download