Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
88s -
max time network
91s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
20/10/2022, 13:46
Static task
static1
Behavioral task
behavioral1
Sample
63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe
Resource
win10v2004-20220812-en
General
-
Target
63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe
-
Size
218KB
-
MD5
702a4bda35eac5a0cec6bcdd24901cd5
-
SHA1
0a9373bf95999db0ae512d2a7df46c2a98d6dcf8
-
SHA256
63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee
-
SHA512
e6dcbd06727b1ccfafa2657e64fe77d2df8b0ef4c58a6a379780b3f88dffa8259e6449cf7d1515ebadcd5b399652e3d1066219e05a14231caf81a4e8ad0724c6
-
SSDEEP
3072:uUlUHnCkLzLB5yd52gbHD8CSp+cpK0eFVyQBseW9mZmxyew+fH:uikfLBR2D8j+cy+QjW9mZmYhgH
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum 63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum 63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Tasks\BagTags.job 63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe