Analysis
- max time kernel: 34s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 30/10/2022, 21:03
Static task
- static1
Behavioral task
- behavioral1
  Sample: b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk
  Resource: win10v2004-20220812-en
General
- Target: b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk
- Size: 1KB
- MD5: 91dfdf598d88dfd265ccb4fb694793c0
- SHA1: d9dce1e905abbf6255010a0cb7e87da334e5b3f8
- SHA256: b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c
- SHA512: 857717cad2abda3a49f45c58137e3156d75e831adb94498792f9fc240d3c87945b5f31f11f18d3cd31cb5a68ae1139599b29a29b5b000e71f4551d86f22d968a
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1132 wrote to memory of 528 | 1132 | cmd.exe | 28
  PID 1132 wrote to memory of 528 | 1132 | cmd.exe | 28
  PID 1132 wrote to memory of 528 | 1132 | cmd.exe | 28
Processes
- C:\Windows\system32\cmd.exe (PID 1132)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk
  Signatures: Suspicious use of WriteProcessMemory
  - C:\WINDOWS\system32\cmd.exe (PID 528, spawned under PID 1132)
    Command line: "C:\WINDOWS\system32\cmd.exe" /c start win1.vbs&start 5.doc&exit