Resubmissions

  • 29/10/2022, 05:36  221029-gawxlsdfcm  (score 8)

Analysis

  • max time kernel
    60s
  • max time network
    88s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/10/2022, 05:36

General

  • Target

    disk-drill-win.exe

  • Size

    28.9MB

  • MD5

    1730dff22c3688600b80474038776342

  • SHA1

    d260d5d4aa9a6da30edb94d935cf9566e89c06bb

  • SHA256

    3eef9e4cf03a4a99b5cd36b711c8c6fdbedfdd9e3842f97b5801b68fa9751b1e

  • SHA512

    3e0b41184f20d7228c48cad79d49362438a9f2b931b2e1325d36c71d3444258c11d39eb411f9a735de51b0c89c526c528221aed6c6f6b74083fc391c0fb769e2

  • SSDEEP

    786432:ZGp1L8SK2xg3n0aHnIa8nVJeilE0y8jtaUjD19QLDZ:U4Sj6Zjijdjtrc

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe  (PID 4972, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe  (PID 5116, depth 2, child of 4972)
      Command line: "C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540
      Signatures: Executes dropped EXE

Note: the child process is the WiX Burn engine's clean-room relaunch. Burn copies its engine into %WINDIR%\Temp\{GUID}\.cr\ and re-executes it with -burn.clean.room pointing back at the original bundle and the attached-container and self file handles inherited from the parent; the .ba\wixstdba.dll listed under Downloads is the WiX Standard Bootstrapper Application. "Executes dropped EXE" fires on exactly this relaunch, and the three WriteProcessMemory IoCs sit on the parent (PID 4972), whose only child is that relaunch. Both signatures are therefore consistent with a standard Burn-based installer and are not, on their own, evidence of malice; the 8/10 score should be read with that in mind.
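As an added example (not part of the tria.ge report and not WiX project code), the script below recognises the Burn clean-room relaunch pattern in a process tree like the one above and checks a local copy of a sample against the hashes the report lists. The process tuples are constructed from the report's Processes section; the labels, the switch parsing and the function names (`parse_burn_relaunch`, `classify_tree`, `verify_hashes`) are this example's own assumptions, not tria.ge's signature logic.

```python
"""Added example, not code from the tria.ge report or from WiX: recognise the
WiX Burn clean-room relaunch in a sandbox process tree and verify a local copy
of a sample against the hashes a report lists.

Assumptions (this example's own, not tria.ge's signature logic):
  * a Burn relaunch is a child whose image lives under
    %WINDIR%\\Temp\\{GUID}\\.cr\\, carries -burn.clean.room pointing back at
    the parent's image, and has the same file name as the parent;
  * the PROCESS_TREE tuples below are constructed from the report's
    Processes section (pid, parent pid, command line).
"""
import hashlib
import re
import sys
from pathlib import Path, PureWindowsPath

# Constructed from the report's Processes section.
PROCESS_TREE = [
    (4972, None, r'"C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe"'),
    (5116, 4972,
     r'"C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe" '
     r'-burn.clean.room="C:\Users\Admin\AppData\Local\Temp\disk-drill-win.exe" '
     r'-burn.filehandle.attached=532 -burn.filehandle.self=540'),
]

# Hashes of the submitted sample, as listed under General in the report.
REPORT_HASHES = {
    "md5": "1730dff22c3688600b80474038776342",
    "sha1": "d260d5d4aa9a6da30edb94d935cf9566e89c06bb",
    "sha256": "3eef9e4cf03a4a99b5cd36b711c8c6fdbedfdd9e3842f97b5801b68fa9751b1e",
}

_QUOTED_IMAGE_RE = re.compile(r'^"([^"]+)"\s*(.*)$', re.DOTALL)
# -burn.<name>=<value>, where value is either "quoted" or a bare token
_BURN_SWITCH_RE = re.compile(r'-burn\.([a-z.]+)=("[^"]*"|\S+)', re.IGNORECASE)
# ...\Windows\Temp\{GUID}\.cr\<file>
_CLEAN_ROOM_RE = re.compile(
    r'\\Windows\\Temp\\\{[0-9A-Fa-f-]{36}\}\\\.cr\\[^\\]+$', re.IGNORECASE)


def split_cmdline(cmdline: str):
    """Return (image path, remaining arguments) for a Windows command line."""
    m = _QUOTED_IMAGE_RE.match(cmdline.strip())
    if m:
        return m.group(1), m.group(2)
    image, _, rest = cmdline.strip().partition(" ")
    return image, rest


def parse_burn_relaunch(cmdline: str):
    """Parse the Burn engine's -burn.* switches; None if this is not a relaunch."""
    image, rest = split_cmdline(cmdline)
    switches = {k.lower(): v.strip('"') for k, v in _BURN_SWITCH_RE.findall(rest)}
    if "clean.room" not in switches:
        return None
    original = switches["clean.room"]
    return {
        "image": image,
        "original": original,
        "attached_handle": int(switches.get("filehandle.attached", -1)),
        "self_handle": int(switches.get("filehandle.self", -1)),
        "in_clean_room_dir": bool(_CLEAN_ROOM_RE.search(image)),
        "same_basename": PureWindowsPath(image).name.lower()
                         == PureWindowsPath(original).name.lower(),
    }


def classify_tree(tree):
    """Label every child process: the expected Burn relaunch, or a dropped
    executable that still needs a human look."""
    by_pid = {pid: cmd for pid, _, cmd in tree}
    findings = []
    for pid, ppid, cmd in tree:
        if ppid is None or ppid not in by_pid:
            continue
        parent_image, _ = split_cmdline(by_pid[ppid])
        r = parse_burn_relaunch(cmd)
        if (r and r["in_clean_room_dir"] and r["same_basename"]
                and r["original"].lower() == parent_image.lower()):
            findings.append((pid, "burn-clean-room-relaunch"))
        else:
            findings.append((pid, "dropped-exe-review"))
    return findings


def verify_hashes(data: bytes, expected: dict) -> dict:
    """{algo: True/False} for each expected digest (hex, case-insensitive)."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


if __name__ == "__main__":
    for pid, label in classify_tree(PROCESS_TREE):
        print(pid, label)
    if len(sys.argv) > 1:  # optional: path to a local copy of the sample
        print(verify_hashes(Path(sys.argv[1]).read_bytes(), REPORT_HASHES))
```

The three conditions in `classify_tree` are deliberately strict: a child that merely sits under Windows\Temp, or that carries -burn.clean.room pointing at some other file, still comes back as `dropped-exe-review`, because only the exact self-relaunch is the behaviour the installer framework accounts for.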

Network

MITRE ATT&CK Matrix

Downloads

Note: the clean-room copy of disk-drill-win.exe appears twice below with different sizes and hashes; the report records them as distinct artifacts, and neither matches the hashes of the 28.9MB submitted bundle listed under General, so do not use these values to identify the bundle itself.

  • C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe

    Filesize

    90KB

    MD5

    c05fde60bfe9b88a017d5f33180cfc7b

    SHA1

    96bad74e8000320e884b01041d6434963aad2066

    SHA256

    bd50b6e617dbafb6be054757f34ddd0434eabc04360e2fc88f929462f1489784

    SHA512

    2dff405b474341f365abec2b36c6d2aea5e6aae41584b0e5c965a97b28921ececd3dc8eed476a272ea84932b32da97d3e46fb91ac36e676aa26c5cc65ae24a1a

  • C:\Windows\Temp\{52E44F20-4AF5-4BC8-BD19-62D47D6717F6}\.cr\disk-drill-win.exe

    Filesize

    84KB

    MD5

    e029096fbdfb6c69129dd114d9f01551

    SHA1

    4589e4fe56e423af5ca676738bf6346c12a12df4

    SHA256

    71c5ff3cad3d9b17f4323ed4a434f0025fd54477f13f1430438f99c8fa8105c1

    SHA512

    ff681cf96eb94361e9389232ba2cde1ab30de4d04f43e50a4072dbb37d12dc68791e0d6551e9f50652bbae49b26be373b89fa00cd7292122c4410097934ac3c9

  • C:\Windows\Temp\{AF6EC987-761E-4E18-9069-D25A231B1EA7}\.ba\wixstdba.dll

    Filesize

    32KB

    MD5

    046d809cfa5b4c82ca0ad50f496e82c1

    SHA1

    171fc5d9858458d865afe54166fadd1cb6cf712b

    SHA256

    44a06c30ff23be42b01404dcc60e28a8143585ff9a682783b336ced8e3631681

    SHA512

    c08b25fdf180b133a1b924d285b331ed81161bc47567f7e824435fb4271dd4bedfb5d1bad9be9b36a5e172482ecc4920c7ecc9d3addbfde750c310ac0b0a5ef4