Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    40s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2022, 00:26

General

  • Target

    664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe

  • Size

    51KB

  • MD5

    75a6e053cb64ad177b693c8b75c09c2a

  • SHA1

    aeb0fb2713015aeaa1eb50bbbf0c4c04acc9ade2

  • SHA256

    664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca

  • SHA512

    ee17d5811032bc0e503d1a92d27c1ebd1c930d7706beca83d042a9ae4d041f2db5531ad128759aad11f24d948e766de4e1bdac81d42c80006916b591463de34f

  • SSDEEP

    768:04GXdAFiWEYc6o+ip8Rh2BpjILt77frr3Ctnk48x:Em0W06mp8RkBpkLNaBk5x

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe
    "C:\Users\Admin\AppData\Local\Temp\664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    PID:1156

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\APMV\APMV.exe

    Filesize

    39KB

    MD5

    0e37391795a0c915d40fe2df6706acd3

    SHA1

    01064f3c31fb08ff696759b3fea3e91c30bd4422

    SHA256

    a8232b9fc2be93b2ba96bd70e5121c90b82a62f62fee660aa3944ceaf5c89e11

    SHA512

    4148c3ff5841aea16d50fd6a916deb0e7f25e9d59f727a3e9c2d0ddb358406d565060698d0533953bfe2d92296cacb2341f5ed18904ad1e70a14dad04a948439

  • memory/1156-54-0x0000000076461000-0x0000000076463000-memory.dmp

    Filesize

    8KB