Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

10a874f68c...52.exe

windows7-x64

7

10a874f68c...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10a874f68cd31b3b6806157408b24ab817adf27e85594fa2fd9e460088a33a52.exe

  • Size

    111KB

  • MD5

    5b3e0d9d8e5b8c6382491e6676a92e20

  • SHA1

    0c1bec3d03128e3a1c73502073e6501c14cd71d3

  • SHA256

    10a874f68cd31b3b6806157408b24ab817adf27e85594fa2fd9e460088a33a52

  • SHA512

    b36135192d5b754743ecd2674b297060ea4c1d20ca20192f0b215ab1e8afa35219f70bc7b2b2be91d762e162e410b1dbbbff8bed1d5d4e94d7e50eda9785441c

  • SSDEEP

    3072:nemS6MwVQCGo4qiRlUE0aWQ4K9NIgjdswyMRFIb:6CGVLUE0a9RNIg2w0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10a874f68cd31b3b6806157408b24ab817adf27e85594fa2fd9e460088a33a52.exe
    "C:\Users\Admin\AppData\Local\Temp\10a874f68cd31b3b6806157408b24ab817adf27e85594fa2fd9e460088a33a52.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Xfj..bat" > nul 2> nul
      2⤵
        PID:416

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Xfj..bat
      Filesize

      274B

      MD5

      fc7be8efa830be554b0d37347d2fef82

      SHA1

      dec6edb5da391e959cf152ba634eb2d8da6d6963

      SHA256

      5b3326cc8f66580b4087c76c598f0ef09e79aa8228d50a0977163fbc2cc8570f

      SHA512

      6c9e2b13b62c4633a3e820242a4957b1468f401ff8ccbea5363cee1409fba5ee0b672011cfb29ed73811718d7784b9d6d2f32ab96709d89b97f2b074e4eecaf5

      Download Submit

    • memory/4796-132-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download

    • memory/4796-134-0x0000000000400000-0x0000000000421000-memory.dmp

      Filesize

      132KB

      Download