Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

da1cfb8b31...dc.exe

windows7-x64

8

da1cfb8b31...dc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    57s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2022, 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc.exe

  • Size

    1.5MB

  • MD5

    0d63a26c1e9bd7f7b5aa31df64030ce3

  • SHA1

    fc93d332dfdb99337b9fdc28895adf1bfa46aa62

  • SHA256

    da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc

  • SHA512

    cb4247469fbcf3a208e5afc9cdb41f7a7047ed1eb69a178fea40c17ae80f64bb6e06c6da92c4f3196486fc149096b978e6a1e1e14bfbbd9ab7832510b8b53216

  • SSDEEP

    24576:3RmJkcoQricOIQxiZY1ialMai6Ro1s8JyfsOqa6tBkazn572zqto4L+rXgWm:8JZoQrbTFZY1ialMaiNFyfsOlc95Ikom

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc.exe
    "C:\Users\Admin\AppData\Local\Temp\da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc.exe
      "C:\Users\Admin\AppData\Local\Temp\da1cfb8b31e9e48f2dc9c4b59b8009cff044e4351805312262b9c56561476edc.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\hRJchVhUf
      2⤵
        PID:4396
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
          3⤵
            PID:4980
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              4⤵
                PID:2808
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
              "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
              3⤵
                PID:2076
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c del /q /f %temp%\*.lnk
                  4⤵
                    PID:2512

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\hRJchVhUf
              Filesize

              23KB

              MD5

              fe3c4b9fd86d85978b424e368085738b

              SHA1

              59b92a8f0662f9d6b109ef425ba50c3aecca940d

              SHA256

              7cb4dd1ac9bda99ea62d653d5ebfab13b3e1a13af9cd96a7e873ee6ed65517f0

              SHA512

              351e9e4016c705ec4e591ca21d7955eaa42f5f70618a3d180ea7ae16e7219aa15be21b88353410c31ae93165f62563d6238c9d90d880bb1c02dfbf54f4a139c1

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\9hGVNkAaKZH\9hGVNkAaKZH.dat
              Filesize

              2B

              MD5

              93e00066d099c0485cfffa1359246d26

              SHA1

              bc69a773f37b2f2071e25f755a66d47b871e5d98

              SHA256

              3b271649a94ad5be4ef46ecbb6a4e7363e8498b7e69b751737bf30df2e0d1dde

              SHA512

              d3dfe508cacae7d36f13908134b5b438b87429fcf93ccb060bcfa346c04633a99e9ca497297418c969537be1da2405171982794055dd0f52e59a82720d3b3d02

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\9hGVNkAaKZH\9hGVNkAaKZH.nfo
              Filesize

              3KB

              MD5

              5fae023d0f4d9d94bcdbf6b5581a71ca

              SHA1

              b6569e50b87b53c912430e8fe1dc1eda4192053e

              SHA256

              1ff222637a9ef5c034bba5747b119bba0b7635aaf308832d2410d83b89f07ea2

              SHA512

              97718df3e5f51d20966e4682bcd3ec29b43deafa912b46977197d51e55a1a34431f601462d658e58f5b6057e6708315b38f3a7432494ba8b0dbac31471b90b1c

              Download Submit

            • memory/2076-142-0x0000000000400000-0x0000000000425000-memory.dmp

              Filesize

              148KB

              Download

            • memory/2076-141-0x0000000000400000-0x0000000000425000-memory.dmp

              Filesize

              148KB

              Download

            • memory/2076-139-0x0000000000400000-0x0000000000425000-memory.dmp

              Filesize

              148KB

              Download

            • memory/2076-147-0x0000000000400000-0x0000000000425000-memory.dmp

              Filesize

              148KB

              Download

            • memory/2808-161-0x0000000001611000-0x00000000016C4000-memory.dmp

              Filesize

              716KB

              Download

            • memory/2808-160-0x00000000016C4000-0x000000000171C000-memory.dmp

              Filesize

              352KB

              Download

            • memory/2808-151-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-150-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-153-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-155-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-157-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-156-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2808-149-0x0000000001610000-0x000000000171E000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/4980-154-0x0000000000400000-0x000000000046F000-memory.dmp

              Filesize

              444KB

              Download

            • memory/4980-136-0x0000000000400000-0x000000000046F000-memory.dmp

              Filesize

              444KB

              Download

            • memory/4980-146-0x0000000000400000-0x000000000046F000-memory.dmp

              Filesize

              444KB

              Download

            • memory/4980-135-0x0000000000400000-0x000000000046F000-memory.dmp

              Filesize

              444KB

              Download

            • memory/4980-137-0x0000000000400000-0x000000000046F000-memory.dmp

              Filesize

              444KB

              Download