Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

8594e4d1c3...0f.exe

windows7-x64

7

8594e4d1c3...0f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8594e4d1c317a386d9dc19303420251916dec3bf4342fb3c03e63a2b05ed200f.exe

  • Size

    311KB

  • MD5

    0bcd1b3c61ef25f3966478cdb8f00ea0

  • SHA1

    2a7475dc8ae8f39739b38c974f26875812bf40cf

  • SHA256

    8594e4d1c317a386d9dc19303420251916dec3bf4342fb3c03e63a2b05ed200f

  • SHA512

    8ba1eb2ebf07ca85baeeadc02e01520c5a43c3651c691a3e2dac89828db8790bbe769249122b1495b847ed40fd3ae255b5015e581fdbeba46c6c4794092ce81d

  • SSDEEP

    6144:I+K0w1Vnr/l7OV06m+AWs0OuOT8N6iiQPN2ncf4V03py/L:JwHr/xOyRx0OfT8/xPU03oL

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8594e4d1c317a386d9dc19303420251916dec3bf4342fb3c03e63a2b05ed200f.exe
    "C:\Users\Admin\AppData\Local\Temp\8594e4d1c317a386d9dc19303420251916dec3bf4342fb3c03e63a2b05ed200f.exe"
    1⤵
    • Loads dropped DLL
    PID:1644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    1dadb63a5dfaa0679485c5dbaf96033f

    SHA1

    d1717aab683c55bd13bbd520d2a91178efa0d676

    SHA256

    72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

    SHA512

    46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    1dadb63a5dfaa0679485c5dbaf96033f

    SHA1

    d1717aab683c55bd13bbd520d2a91178efa0d676

    SHA256

    72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

    SHA512

    46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    1dadb63a5dfaa0679485c5dbaf96033f

    SHA1

    d1717aab683c55bd13bbd520d2a91178efa0d676

    SHA256

    72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

    SHA512

    46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    1dadb63a5dfaa0679485c5dbaf96033f

    SHA1

    d1717aab683c55bd13bbd520d2a91178efa0d676

    SHA256

    72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

    SHA512

    46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    14KB

    MD5

    1dadb63a5dfaa0679485c5dbaf96033f

    SHA1

    d1717aab683c55bd13bbd520d2a91178efa0d676

    SHA256

    72c65f7cd4a611b077b1ad0be8185780909e9cb04c53ecdac3e17fc72c99b245

    SHA512

    46535c2d96937d49ee7c222428db4a8d61eb346efa0845fcd88e06523ed7836518e5a72d623e9c5563bf6759b449b6d2fcb0340b98a6e7966027bc983db4f722

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsiF70D.tmp\nsisdl.dll
    Filesize

    9KB

    MD5

    b7adec794468bf97082ea04e90542441

    SHA1

    75d09e86bd56256d52770a74699b00f76b0cab9f

    SHA256

    66817d19dd184752672ec1804935c6099371c66ca9ae210d7237e35350ee6a9a

    SHA512

    3047b0cba55eb35f8aad947181dd9b0519f7e2d5f0dbad0e417c9ad974d96c42a8a26a243bfe1b22ea2a6a715de0d842bf9c252fb91d721a22c57db184ee9a9f

    Download Submit

  • memory/1644-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

    Filesize

    8KB

    Download