Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1661e16a78...be.exe

windows7-x64

7

1661e16a78...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe

  • Size

    365KB

  • MD5

    a3a34358280f698075e82de010924720

  • SHA1

    04e6f0a5106cd6f322bc70035429a5c061eeef32

  • SHA256

    1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be

  • SHA512

    133d1ec36aea8129c5f103bf5f952b842f437a736bf14cdd5c66d454516fc38ec32a4336dd194d030980b79a1f683cb8c862bbe59acfdc3087123fa44a7cf455

  • SSDEEP

    6144:PRtuWgj6XWZuAsnv22bk0pGpZQKQQM3IbRRD6LneECpZJtFmbR/LfVCe8m:5tuWd0uWmiZ6xbi+km

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe
    "C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    PID:2032

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\{26318e65-0a53-9854-2631-18e650a53994}\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe
    Filesize

    365KB

    MD5

    a3a34358280f698075e82de010924720

    SHA1

    04e6f0a5106cd6f322bc70035429a5c061eeef32

    SHA256

    1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be

    SHA512

    133d1ec36aea8129c5f103bf5f952b842f437a736bf14cdd5c66d454516fc38ec32a4336dd194d030980b79a1f683cb8c862bbe59acfdc3087123fa44a7cf455

    Download Submit

  • memory/2032-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2032-55-0x0000000000630000-0x000000000065C000-memory.dmp

    Filesize

    176KB

    Download