Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
53s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
25/11/2022, 09:36 UTC
Static task
static1
Behavioral task
behavioral1
Sample
73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe
Resource
win10v2004-20220812-en
General
-
Target
73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe
-
Size
556KB
-
MD5
0bbdaceeebb606006fc67540bbfab1e6
-
SHA1
e03c3bf053446c549bfd079e7c2211db3666c1f7
-
SHA256
73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e
-
SHA512
1f13cd2ae0432631b4e7b825a0cb9568948eccd8aa539ac8b28fc35fb1eb2ab710a27b11e33319efed97667b295b94f8d6382a9247d63456e4798320ff68e393
-
SSDEEP
12288:8RZ+IoG/n9IQxW3OBsevLdocVDhLpWNLdocVDhLpWq+tGPbi:G2G/nvxW3Wbhp4hpxTi
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1460 wrote to memory of 812 1460 73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe 27 PID 1460 wrote to memory of 812 1460 73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe 27 PID 1460 wrote to memory of 812 1460 73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe 27 PID 1460 wrote to memory of 812 1460 73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe"C:\Users\Admin\AppData\Local\Temp\73fc2fb8349b1c2b7a831e0f1f43ad64c02bb3ebfd873c22b35c8d8f092e000e.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1460 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Rp privatev.vbs"2⤵PID:812
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
255B
MD54f04e837c51bbacffc7f01b119ef6f52
SHA16087cbe385f2ddcfa36b3d6dac567cc20b1ea16c
SHA256a95739812ce59bb85631ee6d6417287fd0bf0f999691a648e76be6d6711d55e5
SHA5125b720c54882c1b8748d731c14709292ebd19f8668b791396a54a7dbfdba51618a7e473884d45079f4fa6a899c4f36d091475d71e64298915a8950eb48e246391