Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 07:53

General

  • Target

    aba25e928f9dddc4372e0fbae2c8a8a6a98ff1b5b38477a4bef62ecd7765719c.exe

  • Size

    370KB

  • MD5

    2e02cd9194aa2bea35fa6464b5d24224

  • SHA1

    601009de5788d2c7786a6f2fb04ff3952610c779

  • SHA256

    aba25e928f9dddc4372e0fbae2c8a8a6a98ff1b5b38477a4bef62ecd7765719c

  • SHA512

    1a0163b225aef126eed486422949fbab4c509039bf4eb559d5f49e516ac808aee95ed8fe2c04a62f13d3036f7c0e4cf822db33b3415ef6a9ec1206ee2e941613

  • SSDEEP

    6144:HSDFgijJcKR8eskWuaCGzNzsKuDLY8/7E/k375qsXN/nglUL9LnQn2H+LdTNyJ:yBgijWVe7aCIz5+QsLRXOBkJ

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\aba25e928f9dddc4372e0fbae2c8a8a6a98ff1b5b38477a4bef62ecd7765719c.exe
    "C:\Users\Admin\AppData\Local\Temp\aba25e928f9dddc4372e0fbae2c8a8a6a98ff1b5b38477a4bef62ecd7765719c.exe"
    1⤵
    • Drops startup file
    PID:1724

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-132-0x0000000003A40000-0x0000000003A6C000-memory.dmp

    Filesize

    176KB