Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

c6385beed7...1b.exe

windows7-x64

8

c6385beed7...1b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6385beed79c7a846f91dfb649e8338f24768b3305dc9192681cc616ab27161b.exe

  • Size

    842KB

  • MD5

    0e5d755b9d631710715cc879ef72c0a0

  • SHA1

    873921f8244efcbc24051a9fabda607a97c3b8a9

  • SHA256

    c6385beed79c7a846f91dfb649e8338f24768b3305dc9192681cc616ab27161b

  • SHA512

    f1377fc14d698c7b28fa6d5b4e7e923d96918892f44473e2836d2ed04dd3d0c1504ea2f2b9693807d342cb53a26a0b7707281ce347ad64a62e7bc574e6dbeb6b

  • SSDEEP

    12288:C5h3PhAT+T3YJZ7djjyoGt87O7aXp5endibj:C3PGa3YJv36jaXp5

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6385beed79c7a846f91dfb649e8338f24768b3305dc9192681cc616ab27161b.exe
    "C:\Users\Admin\AppData\Local\Temp\c6385beed79c7a846f91dfb649e8338f24768b3305dc9192681cc616ab27161b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\TEMP\Tcv.exe
      "C:\Windows\TEMP\Tcv.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:1736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\TEMP\Tcv.exe
    Filesize

    842KB

    MD5

    a340eff64a124ac9bfa71c61b72cc86e

    SHA1

    19c49fa817ca6d26bd86cfa43313fd038d5b86eb

    SHA256

    7c9fe3f674b4c67dddac1f2ce1cc878db5d22ba5c95457e7dd673504427a2599

    SHA512

    8eaf2df97c11f4d7ac27943866fab48a96a55d56fb5b2fdf3aa867e95eb7de62633bb1f3d49e1f2748cae3a52fb57ba98c4037c4763adc2485ff54da7377dfb3

    Download Submit

  • C:\Windows\Temp\Tcv.exe
    Filesize

    842KB

    MD5

    a340eff64a124ac9bfa71c61b72cc86e

    SHA1

    19c49fa817ca6d26bd86cfa43313fd038d5b86eb

    SHA256

    7c9fe3f674b4c67dddac1f2ce1cc878db5d22ba5c95457e7dd673504427a2599

    SHA512

    8eaf2df97c11f4d7ac27943866fab48a96a55d56fb5b2fdf3aa867e95eb7de62633bb1f3d49e1f2748cae3a52fb57ba98c4037c4763adc2485ff54da7377dfb3

    Download Submit

  • C:\Windows\winstart.bat
    Filesize

    422B

    MD5

    09803d071318974890e67f0811e6c81e

    SHA1

    31cdea8e9f9c5d8f374fcb99f483b4a6f4acbe9f

    SHA256

    b272167a1dffc3c73e53edc84d2cd59145c51c374b5b67bd5e2725a179da93ec

    SHA512

    01f8a2cb92d668c2efd1e3d80faa13fc2361945e9ed8db54dab457050afbdb5433b0a2053834cf08478d37916cddefa8174fc4717cc6cf7350d50789406bf5c4

    Download Submit

  • \Windows\Temp\Tcv.exe
    Filesize

    842KB

    MD5

    a340eff64a124ac9bfa71c61b72cc86e

    SHA1

    19c49fa817ca6d26bd86cfa43313fd038d5b86eb

    SHA256

    7c9fe3f674b4c67dddac1f2ce1cc878db5d22ba5c95457e7dd673504427a2599

    SHA512

    8eaf2df97c11f4d7ac27943866fab48a96a55d56fb5b2fdf3aa867e95eb7de62633bb1f3d49e1f2748cae3a52fb57ba98c4037c4763adc2485ff54da7377dfb3

    Download Submit

  • \Windows\Temp\Tcv.exe
    Filesize

    842KB

    MD5

    a340eff64a124ac9bfa71c61b72cc86e

    SHA1

    19c49fa817ca6d26bd86cfa43313fd038d5b86eb

    SHA256

    7c9fe3f674b4c67dddac1f2ce1cc878db5d22ba5c95457e7dd673504427a2599

    SHA512

    8eaf2df97c11f4d7ac27943866fab48a96a55d56fb5b2fdf3aa867e95eb7de62633bb1f3d49e1f2748cae3a52fb57ba98c4037c4763adc2485ff54da7377dfb3

    Download Submit

  • memory/1280-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB

    Download