Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28/10/2022, 18:53
Static task
static1
Behavioral task
behavioral1
Sample
c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Resource
win10v2004-20220812-en
General
-
Target
c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
-
Size
61KB
-
MD5
0c06e0424a602fd59ce51a0aecd65130
-
SHA1
8bf3c8ff7487520387febef57a7245d1bb26a625
-
SHA256
c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4
-
SHA512
cd3466bd6b381cb9cc6b75b5832ca19aeaca870944c9c737d001bf7ced095d553d786a9a8e16602cb8cb3015376911fe515c876c85fcec3f2d484d4c1e8aa650
-
SSDEEP
768:bZ/KwcvsijOqve2rtwuP+ya1uesvikB3HlSuAlSKuxgwBavytWl/zW:bZ/KwcvsiIKtwuxgWiktH5AlSwHJlr
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 12 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\ = "vCard File" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\shell\open\command c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\DefaultIcon c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-vcard c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vcf c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vcf\ = "vcard_wab_auto_file" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vcf\Content Type = "text/x-vcard" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\shell\open\command\ = "\"C:\\Program Files (x86)\\Windows Mail\\wab.exe\" /vcard %1" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\DefaultIcon\ = "\"C:\\Program Files (x86)\\Windows Mail\\wab.exe\",1" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-vcard\Extension = ".vcf" c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wab c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe