Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    34s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 21:03

General

  • Target

    b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk

  • Size

    1KB

  • MD5

    91dfdf598d88dfd265ccb4fb694793c0

  • SHA1

    d9dce1e905abbf6255010a0cb7e87da334e5b3f8

  • SHA256

    b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c

  • SHA512

    857717cad2abda3a49f45c58137e3156d75e831adb94498792f9fc240d3c87945b5f31f11f18d3cd31cb5a68ae1139599b29a29b5b000e71f4551d86f22d968a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\b1b5cfaaa8ccd872ce999c599fbd01136f01e63aec52e7070338f4a82420be7c.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\WINDOWS\system32\cmd.exe
      "C:\WINDOWS\system32\cmd.exe" /c start win1.vbs&start 5.doc&exit
      2⤵
        PID:528

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1132-54-0x000007FEFB8D1000-0x000007FEFB8D3000-memory.dmp

      Filesize

      8KB