Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

fe5a61d902...36.exe

windows7-x64

8

fe5a61d902...36.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2022, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe5a61d902fda17b20ed1d687ed141963d308f88cda5ca5cbe4402037abc0936.exe

  • Size

    28KB

  • MD5

    69398882063fe4d57568acbae2a2e570

  • SHA1

    4594b2f7ee6c3854228c2a43b4f448e3d4ed222f

  • SHA256

    fe5a61d902fda17b20ed1d687ed141963d308f88cda5ca5cbe4402037abc0936

  • SHA512

    64d292635391410f343ca8056cf14eaf27509a07ae3df64b7403ffcb7a2152edf61a8992f9487fb187eb5ac014f67c0f3d14f8e760772b0c92667ae259ef41e7

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaDd:X6QFElP6n+gJQMOtEvwDpjBc

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe5a61d902fda17b20ed1d687ed141963d308f88cda5ca5cbe4402037abc0936.exe
    "C:\Users\Admin\AppData\Local\Temp\fe5a61d902fda17b20ed1d687ed141963d308f88cda5ca5cbe4402037abc0936.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1972

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    29KB

    MD5

    d37cf15e41d4d6db75a9425cb6293bad

    SHA1

    a6ac4c548742160452f8d4056f59af8ea750c260

    SHA256

    0f5a3d9f89e2fca8732683ffe79506f082336d0e31fc7bb974e0afb65c6aa825

    SHA512

    9910c7915b053256b8cdf25d4aa9001d6d12fd4b0bad9267a7b2b58d4732232fe9f6dcb0451c4922608723af13f9b2eceb66a74745183c319a6b7b6d6b95c272

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    29KB

    MD5

    d37cf15e41d4d6db75a9425cb6293bad

    SHA1

    a6ac4c548742160452f8d4056f59af8ea750c260

    SHA256

    0f5a3d9f89e2fca8732683ffe79506f082336d0e31fc7bb974e0afb65c6aa825

    SHA512

    9910c7915b053256b8cdf25d4aa9001d6d12fd4b0bad9267a7b2b58d4732232fe9f6dcb0451c4922608723af13f9b2eceb66a74745183c319a6b7b6d6b95c272

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    29KB

    MD5

    d37cf15e41d4d6db75a9425cb6293bad

    SHA1

    a6ac4c548742160452f8d4056f59af8ea750c260

    SHA256

    0f5a3d9f89e2fca8732683ffe79506f082336d0e31fc7bb974e0afb65c6aa825

    SHA512

    9910c7915b053256b8cdf25d4aa9001d6d12fd4b0bad9267a7b2b58d4732232fe9f6dcb0451c4922608723af13f9b2eceb66a74745183c319a6b7b6d6b95c272

    Download Submit

  • memory/976-54-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/976-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/976-56-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/976-65-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1972-68-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1972-75-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download