Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
31s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28/10/2022, 23:14
Static task
static1
Behavioral task
behavioral1
Sample
a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe
Resource
win10v2004-20220812-en
General
-
Target
a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe
-
Size
1.1MB
-
MD5
0b15143903635fafae49dbf03407af7b
-
SHA1
632008a3f5b2d730826e6a95a260e36e38b7d7b0
-
SHA256
a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461
-
SHA512
9efb69260332cb0f9011c939eae1349710317b611877351d3c607a5811b4fc216e779e16199e6c40fd7aad56d7376cfc0df0c5c29f86470f28ccce0f7625fac4
-
SSDEEP
24576:ww0peow6/GmPN760aABzSbE0nc4v2o6IsQPTYDIH17GwoYw:oTbVSrz6nWH1GP/
Malware Config
Signatures
-
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe"C:\Users\Admin\AppData\Local\Temp\a618835791803658f70206b7f697165cecd1ad532c8f14e49bc93d3a0a133461.exe"1⤵
- Drops startup file
PID:1636 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del c:\users\admin\appdata\local\temp\A61883~1.EXE >> NUL2⤵PID:1536
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\search.cmd"2⤵PID:1756
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD5904084f626b7effb9020ab0107feb125
SHA1a08bd1f5713e024cacbf3fc7ea7020b6fafb371f
SHA2569c0ae09dd8803fbbb130ac3d8b094c5293a24d55ab8be3e4fe023ecef9224bdf
SHA512234a65ad078c3d4f251d5a40e9aedffc0c7a08e5813798d2c224e65d08045ebe27a6e4713dc06781c7a196e007ea89424c9663ca5514aff56113f2918ef25811
-
Filesize
73KB
MD5a5a3426f1bae2dd9524f3eb38f431e9c
SHA1bcfe4374ba8ded24d050b44facea108a6f543e67
SHA256ef26833a258d9ad5d79ccb63e4e66c115ecf9c8fa148d454a0cea9a8117bba3f
SHA512b99dd3a573d5b8523c03f42704c1863420e026bd49ab128d9f49f50a4ae50db20baba1a1a1cf1f32af06e0393aad98f417e22226a9467b150198d6dd25e1da92
-
Filesize
47KB
MD5749067c0ddc2000aa3ce971bb92475fe
SHA17b528cb9636ed8c98f04bc1b7be49d4211c55399
SHA256103f1ae23102e06adac258c39a594551aceb14754c3fff0d1f60bfd0bec674e7
SHA512ff9cc99af2c466865bcb00be24cae9802437ece468ede17665482b43bb677e09a67905d6a6784856fb4222a46e446340de26434c5f89b492be1881ebea7edc70