Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

2e32092eee...01.exe

windows7-x64

10

2e32092eee...01.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    79s
  • max time network
    178s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe

  • Size

    4.2MB

  • MD5

    789c0afd62c09b0bf2cef650b9f68bd8

  • SHA1

    f1731af4afbd8f90f48e6e2fb5249967ac7a7e07

  • SHA256

    2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101

  • SHA512

    82632743b6d3e85916d7131bae73e538be91dd909070ae2c17ffd9135d0ad0568585a560e733a771b04d9754cf5d836ae1061fbe20c7b5a58e6b904940c30719

  • SSDEEP

    98304:qNio6GYhlGYi2gK6RqqNUHw4uIolk/3QIDpGYXV4cVYK:Mi5hjGagTR34ilkPQ2AYXnWK

Score
10/10
rmsrattrojan

Malware Config

Signatures

  • RMS

    Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    trojanratrms
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe
    "C:\Users\Admin\AppData\Local\Temp\2e32092eeea3620932716d3b6d5fb1e2b9dfaf28185700d7b8372cbd341ee101.exe"
    1⤵
      PID:1144
      • C:\Windows\SysWOW64\7z.exe
        "7z.exe" x -p1234 sysfiles.7z
        2⤵
          PID:2036
        • C:\Windows\SysWOW64\sysfiles\rutserv.exe
          "C:\Windows\system32\sysfiles\rutserv.exe" /silentinstall
          2⤵
            PID:1912

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\7z.dll
          Filesize

          18KB

          MD5

          1f58d04450296440288eefd67bc64621

          SHA1

          33075b690fad1b99b8cfd45e45680a00634a647e

          SHA256

          16c799dc9735a6d62e9084751366d3a6dd515097ca1309bf135aa3eb29c2450a

          SHA512

          2c4796c2ac3390bde0f76fc1f179ef5125c78779f348ba7da1347667eea86eef6756f3a24ed34a06ac718bdccb864fd32c1195508b5699a7d29d4e61f5af6074

          Download Submit

        • C:\Windows\SysWOW64\7z.exe
          Filesize

          18KB

          MD5

          6f0b80bd8fd2a7cca385fb90df8d1eb6

          SHA1

          0cb217b0626bf658f0d56ba8e0c404694614fd01

          SHA256

          0988bffabdac3091f57debb1b77716b33569381918ee17ee94fd56c07afdd40c

          SHA512

          7c104a9bb7269b93b4abb80db517c209dd8d5caa2849bda0e3085433495295b1ab6bedb5a231c7d796171ec1c5e3bbfa049168b01f8ba3c8bc1d58ff6f9e8b97

          Download Submit

        • C:\Windows\SysWOW64\sysfiles.7z
          Filesize

          31KB

          MD5

          85b31ac358bf6d271cfcca75a6224405

          SHA1

          f56a2d761e850f2a7eda12d924f40128027f5d55

          SHA256

          9e1031cf309aa82f13b915749120dd43de21f22a1d993a1ffd6767360473a25b

          SHA512

          3e3423910c2438f054c7f7041f3804a552130d0c507e5d48356155f97efaf76047ff579b710a8115cc1ac3f2cd14a65ae7216468fff2d23d352c7bf27d2a05a0

          Download Submit

        • C:\Windows\SysWOW64\sysfiles\rutserv.exe
          Filesize

          92KB

          MD5

          d1e17cc55d11de210915f2549f6c5b80

          SHA1

          e7d536073e133f9aae852147e456483c7448a267

          SHA256

          7ac9963ed8ae242814f3a702611718071c288911bba4d0c9af9e6196034451b7

          SHA512

          44deeaeb394e1186398392ceb217e490b857542289bf52fa9660a6f3dc7a0550596368aec559c32a60cc4b1f0d6acd6de851085829683e999c5f7e5d94e9f1e2

          Download Submit

        • C:\Windows\SysWOW64\sysfiles\rutserv.exe
          Filesize

          12KB

          MD5

          dca26f864bf820f1ff1f641cf8988c6b

          SHA1

          0ac4b3011db659a72e372e39a9abb90b5c05ef16

          SHA256

          eeed2f17f73c77fa743a027ccdc1d4a05edba81a57d6c32a7d9560cf0a3e3c65

          SHA512

          8404992cca434854000e8f2a4401e9df6d69870db59bbb565e6f11d0ab5906b9f192c70414a34c7a27128b120a8d1e13dd97ac82fe9192b436387a5fe4ddb261

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst2F4C.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          acc2b699edfea5bf5aae45aba3a41e96

          SHA1

          d2accf4d494e43ceb2cff69abe4dd17147d29cc2

          SHA256

          168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

          SHA512

          e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst2F4C.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          acc2b699edfea5bf5aae45aba3a41e96

          SHA1

          d2accf4d494e43ceb2cff69abe4dd17147d29cc2

          SHA256

          168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

          SHA512

          e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

          Download Submit

        • \Windows\SysWOW64\7z.dll
          Filesize

          54KB

          MD5

          07ccd452e71d2b440f75026e90800d30

          SHA1

          f7129507e41a379483b22d54bf516103198309ac

          SHA256

          81e9839a75828ab826d19e77677cbb52b2daaddaf75a34886ca8bcc517ededdd

          SHA512

          0bdf17b0d45ce9fbf561d8156244a4732a62dce44175df8440ea5c55aa331d29c859608d3a68f969f39701f25e0aa7b3f3dfb458d01843f7e876b12a99bd620c

          Download Submit

        • \Windows\SysWOW64\7z.exe
          Filesize

          33KB

          MD5

          5a94327b33d36166b47377249df47f92

          SHA1

          963ea00b83c750da4840393b49e3f2fbc83f33dc

          SHA256

          0e01edd8b9cdeaf9548e93e9a4d089567d9e45ddfd3a289e9efe0cc1b9006449

          SHA512

          edc3ad5713bbf7d7e843f7c764c2b7a2511e4586fec518fa68156520fa569c0b4982dd46734ecf99b9433a2cc452f42b2a7e20c0ea547afd0142463fd874e7c0

          Download Submit

        • \Windows\SysWOW64\7z.exe
          Filesize

          25KB

          MD5

          cc818729ab7f4296fac4c1e42584530c

          SHA1

          bda2ff585eac8094e7943b434fa41bedf712247b

          SHA256

          19de1df20ca02cbed2143a836498bc0f7d03d3bba9c0dd94a8068c9b471ae373

          SHA512

          acca983d506bd51e134096f86ba1d295250a0e4bf4c9fd8fc8c7ad52621a7ad3f911c580a830ca15776dfbe60b2f3e2931c529e65e3a628f9b50cbc1124c5e8a

          Download Submit

        • \Windows\SysWOW64\sysfiles\rutserv.exe
          Filesize

          24KB

          MD5

          3186c96ea7d23a7cd6a11e017cdf6505

          SHA1

          9ad5b73f29cd30aeaa87549cc80df2f3dcac7211

          SHA256

          8217ffd3872378533864c7613df25aa6b0ab87017a799c6681d2f84d63dc292c

          SHA512

          ad5d09457f8a523bcc6281fc67ad1fb05a79b469ade73447b0d0909b9a3285586d6c734c52d71a0c89a61b9e151222320c35c6377062b0a19c40f7356a99b468

          Download Submit

        • memory/1144-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

          Filesize

          8KB

          Download