Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

a618835791...61.exe

windows7-x64

7

a618835791...61.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 23:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe

  • Size

    1.1MB

  • MD5

    0b15143903635fafae49dbf03407af7b

  • SHA1

    632008a3f5b2d730826e6a95a260e36e38b7d7b0

  • SHA256

    a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461

  • SHA512

    9efb69260332cb0f9011c939eae1349710317b611877351d3c607a5811b4fc216e779e16199e6c40fd7aad56d7376cfc0df0c5c29f86470f28ccce0f7625fac4

  • SSDEEP

    24576:ww0peow6/GmPN760aABzSbE0nc4v2o6IsQPTYDIH17GwoYw:oTbVSrz6nWH1GP/

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe
    "C:\Users\Admin\AppData\Local\Temp\a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe"
    1⤵
    • Drops startup file
    PID:1636
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del c:\users\admin\appdata\local\temp\A61883~1.EXE >> NUL
      2⤵
        PID:1536
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd"
        2⤵
          PID:1756

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd
        Filesize

        37KB

        MD5

        904084f626b7effb9020ab0107feb125

        SHA1

        a08bd1f5713e024cacbf3fc7ea7020b6fafb371f

        SHA256

        9c0ae09dd8803fbbb130ac3d8b094c5293a24d55ab8be3e4fe023ecef9224bdf

        SHA512

        234a65ad078c3d4f251d5a40e9aedffc0c7a08e5813798d2c224e65d08045ebe27a6e4713dc06781c7a196e007ea89424c9663ca5514aff56113f2918ef25811

        Download Submit

      • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd
        Filesize

        73KB

        MD5

        a5a3426f1bae2dd9524f3eb38f431e9c

        SHA1

        bcfe4374ba8ded24d050b44facea108a6f543e67

        SHA256

        ef26833a258d9ad5d79ccb63e4e66c115ecf9c8fa148d454a0cea9a8117bba3f

        SHA512

        b99dd3a573d5b8523c03f42704c1863420e026bd49ab128d9f49f50a4ae50db20baba1a1a1cf1f32af06e0393aad98f417e22226a9467b150198d6dd25e1da92

        Download Submit

      • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd
        Filesize

        47KB

        MD5

        749067c0ddc2000aa3ce971bb92475fe

        SHA1

        7b528cb9636ed8c98f04bc1b7be49d4211c55399

        SHA256

        103f1ae23102e06adac258c39a594551aceb14754c3fff0d1f60bfd0bec674e7

        SHA512

        ff9cc99af2c466865bcb00be24cae9802437ece468ede17665482b43bb677e09a67905d6a6784856fb4222a46e446340de26434c5f89b492be1881ebea7edc70

        Download Submit

      • memory/1636-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

        Filesize

        8KB

        Download