Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

55b76d229c...4b.exe

windows7-x64

8

55b76d229c...4b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b.exe

  • Size

    206KB

  • MD5

    6c21d0c5867d51e82f3ece72274e21d2

  • SHA1

    a71bc1a0391d1dd6bf94aab8746a234034700b4e

  • SHA256

    55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b

  • SHA512

    2a7d8cb81937055c68a2915cda35eeeb71d7e52efcfb4feea15bcca6c7b85c8350e668da520659c0c493be68926393963604c106611600feaa3927b3550196b4

  • SSDEEP

    6144:oDpoeh0tRrQu3kHYPiVrhZN3SIqOWnbBO3Q9Y3Fqtw:E0tVhqVrDN3S7sg9Y39

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b.exe
    "C:\Users\Admin\AppData\Local\Temp\55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Users\Admin\AppData\Local\Temp\55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b.exe
      "C:\Users\Admin\AppData\Local\Temp\55b76d229ca2ae94f5594050bfe8dd91f8ec8b26c0c7ae1956688494b051084b.exe"
      2⤵
        PID:2884

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsqE21A.tmp\authoritativeness.dll
      Filesize

      63KB

      MD5

      103f1a96977015f0f411cd5a1107399f

      SHA1

      3526e4fe4a8827d52079d20e7a2d0f07d2a26f24

      SHA256

      9d75cb9eccc06d70ecb876ad9d42564b793f4b6b76b6a15395efbae36ac60259

      SHA512

      2cb4f2723ee1bfd6dec84c264d4a8a9944c64f940f953e500a7b3cf7f49e06afd8e802f7d73dc2c06988eb8163bcce9f1d5c0fd28990bd0d8199ded58b720063

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsqE21A.tmp\authoritativeness.dll
      Filesize

      63KB

      MD5

      103f1a96977015f0f411cd5a1107399f

      SHA1

      3526e4fe4a8827d52079d20e7a2d0f07d2a26f24

      SHA256

      9d75cb9eccc06d70ecb876ad9d42564b793f4b6b76b6a15395efbae36ac60259

      SHA512

      2cb4f2723ee1bfd6dec84c264d4a8a9944c64f940f953e500a7b3cf7f49e06afd8e802f7d73dc2c06988eb8163bcce9f1d5c0fd28990bd0d8199ded58b720063

      Download Submit

    • memory/1172-134-0x0000000002280000-0x0000000002298000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2884-136-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2884-138-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download