Analysis
max time kernel: 201s
max time network: 207s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/11/2022, 18:24
Static task: static1
Behavioral task: behavioral1
Sample: 36ef87cd5d4eaa66a47f4e951854080804c56083871400907f40b0e6f9c4e507.exe
Resource: win7-20221111-en
Note: the Analysis block above describes a windows10-2004_x64 run (resource win10v2004-20221111-en) while this task block lists the win7-20221111-en resource, and the yara matches under Signatures reference behavioral2 paths. The extracted page appears to merge two behavioral tasks; treat the per-task resource names accordingly when pivoting on the IoCs.
General
Target: 36ef87cd5d4eaa66a47f4e951854080804c56083871400907f40b0e6f9c4e507.exe
Size: 4.5MB
MD5: 55e098a817c0f37fca65e8cbc06d38f2
SHA1: b413365b20ede4cc1a1a2bf7df7674ff90ee909b
SHA256: 36ef87cd5d4eaa66a47f4e951854080804c56083871400907f40b0e6f9c4e507
SHA512: 56466b50f144933865063a300b6c218007b5ef3a9be839d5d6c8421cf5d2735c90918088eb249563952da681bcb4bd6c5b7b5c528a0d45a18a1ce88cea806882
SSDEEP: 98304:HypOj4chk6omZFvfG4V+SKa6sfGJUmRRNVimdKiy2kSiGw5vDOj4chEU:HyehEmbfdVLGNRHHKIkRJ0hEU
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (2 IoCs)
Detects file using ACProtect software.
resource  yara_rule
behavioral2/files/0x0007000000023199-133.dat  acprotect
behavioral2/files/0x0007000000023199-134.dat  acprotect

The same two dropped files also match the upx yara rule:
resource  yara_rule
behavioral2/files/0x0007000000023199-133.dat  upx
behavioral2/files/0x0007000000023199-134.dat  upx
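The two yara hits above are packer signatures on the dropped files. When a sample's own bytes are at hand, the same conclusion can usually be reached from the PE section table alone, which is what the following added example does: it is not tria.ge's rule logic or anything from this report, and the two PE images it inspects are constructed header-only layouts, not the analysed file. It parses the section table, then applies four packer heuristics: packer-specific section names (UPX0/UPX1/UPX2 for UPX; the ".perplex" name for ACProtect is taken from public packer-signature lists and is an assumption here), sections that are both writable and executable, executable sections that are empty on disk (the unpack target), and an entry point that lies outside the first section.

```python
"""Minimal PE section-table parser with packer heuristics (added example).
Assumption: the ".perplex" section name for ACProtect comes from public
packer-signature lists, not from this report. The images built below are
constructed header-only PEs, not the sample the report analyses."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names that identify a packer by themselves.
PACKER_SECTION_NAMES = {
    b"UPX0": "upx", b"UPX1": "upx", b"UPX2": "upx",
    b".perplex": "acprotect",  # assumption, see module docstring
}


def parse_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                    # IMAGE_SECTION_HEADER is 40 bytes
        (name, vsize, vaddr, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"raw_name": name.rstrip(b"\0"),
                         "name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "chars": chars})
    return entry_rva, sections


def packer_indicators(data):
    """Return human-readable packer indicators for a PE image (empty list if none)."""
    entry_rva, sections = parse_sections(data)
    findings = []
    for s in sections:
        tag = PACKER_SECTION_NAMES.get(s["raw_name"])
        if tag:
            findings.append(f"section {s['name']}: name associated with {tag}")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']}: writable and executable")
        if s["raw_size"] == 0 and s["vsize"] > 0 and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']}: executable but empty on disk (unpack target)")
    ep = next((s for s in sections
               if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["raw_size"])), None)
    if ep is None:
        findings.append(f"entry point {entry_rva:#x} lies in no section")
    elif ep is not sections[0]:
        findings.append(f"entry point {entry_rva:#x} in {ep['name']}, not the first section")
    return findings


def build_pe(sections, entry_rva):
    """Construct a header-only PE32 image (constructed test data, not a runnable binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                           # Magic = PE32
    struct.pack_into("<I", opt, 16, entry_rva)                      # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr,
                                 0, 0, 0, 0, chars)
                     for name, vsize, vaddr, raw_size, raw_ptr, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
# Constructed UPX-style layout: UPX0 is an empty RWX section the stub unpacks into,
# UPX1 holds the compressed payload plus the stub, and the entry point is in UPX1.
SAMPLE_UPX = build_pe([
    (b"UPX0", 0x30000, 0x1000, 0, 0x400, RWX | IMAGE_SCN_CNT_UNINITIALIZED_DATA),
    (b"UPX1", 0x10000, 0x31000, 0x10000, 0x400, RWX | IMAGE_SCN_CNT_CODE),
    (b".rsrc", 0x1000, 0x41000, 0x1000, 0x10400,
     IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_INITIALIZED_DATA),
], entry_rva=0x40000)
# Constructed conventional layout: code in .text, entry point in .text.
SAMPLE_CLEAN = build_pe([
    (b".text", 0x1000, 0x1000, 0x1000, 0x400,
     IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE),
    (b".data", 0x200, 0x2000, 0x200, 0x1400,
     IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_INITIALIZED_DATA),
], entry_rva=0x1100)

if __name__ == "__main__":
    for label, img in (("upx-like", SAMPLE_UPX), ("clean", SAMPLE_CLEAN)):
        print(label, packer_indicators(img) or ["no indicators"])
```

Section names are the weakest of the four signals, since a packer can rename them freely; the writable-and-executable and empty-on-disk checks survive renaming and are the ones worth keeping in a triage script. A yara hit such as the acprotect and upx matches above should be read together with these structural facts rather than on its own.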
Loads dropped DLL (6 IoCs)
pid  Process
3736  36ef87cd5d4eaa66a47f4e951854080804c56083871400907f40b0e6f9c4e507.exe  (6 identical entries, all from this process)

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials and other profile data.

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). This is common in ransomware, but on its own it is weak evidence: installers and infostealers enumerate drives as well, and the browser-data signature above fits an infostealer at least as well as a ransomware family.

Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid  Process
3736  36ef87cd5d4eaa66a47f4e951854080804c56083871400907f40b0e6f9c4e507.exe  (14 identical entries, all from this process)
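Each behavioural signature above is, at bottom, a rule over the API calls the monitored process made. The following added example shows what such rules look like when written out and run over a trace; it is not tria.ge's signature engine and the trace is constructed for the example, not taken from this report (the pid 3736 is reused only so the output reads alongside the tables above). The line format, the API names each rule keys on and the argument patterns are assumptions chosen for the example; the ATT&CK IDs are current Enterprise IDs, not the v6 mapping the report links to.

```python
"""Signature rules over an API-call trace (added example, not the report's own logic).
Assumptions: the trace line format, the API names and argument patterns each rule
keys on, and the trace itself, which is constructed for this example."""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) api=(?P<api>\w+) args=(?P<args>.*)$")

# (signature name, ATT&CK technique, APIs that count, regex the argument must match or None)
RULES = [
    ("Checks installed software on the system", "T1518",
     {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW", "NtOpenKey"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers", "T1555.003",
     {"NtCreateFile", "NtOpenFile", "CreateFileW", "CopyFileW"},
     re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key[34]\.db)$", re.I)),
    ("Enumerates physical storage devices", "T1120",
     {"GetLogicalDrives", "GetDriveTypeW", "GetDriveTypeA"}, None),
    ("Enumerates physical storage devices", "T1120",
     {"NtCreateFile", "CreateFileW", "CreateFileA"},
     re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)),
    ("Suspicious behavior: EnumeratesProcesses", "T1057",
     {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
      "NtQuerySystemInformation"}, None),
]


def parse_trace(text):
    """Yield one dict per trace record; refuse malformed lines rather than skipping them."""
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparseable trace record")
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        yield rec


def detect(text):
    """Map (signature name, technique) -> list of matching trace records."""
    hits = defaultdict(list)
    for rec in parse_trace(text):
        for name, technique, apis, arg_re in RULES:
            if rec["api"] in apis and (arg_re is None or arg_re.search(rec["args"])):
                hits[(name, technique)].append(rec)
    return dict(hits)


def ttps_by_pid(hits):
    """Distinct techniques per process, so one pid's behaviour profile reads at a glance."""
    per_pid = defaultdict(set)
    for (_, technique), recs in hits.items():
        for rec in recs:
            per_pid[rec["pid"]].add(technique)
    return {pid: sorted(t) for pid, t in per_pid.items()}


# Constructed trace: pid 3736 exhibits all four behaviours, pid 4120 is a benign control.
TRACE = r"""2022-11-25T18:24:31 pid=3736 api=RegOpenKeyExW args=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2022-11-25T18:24:31 pid=3736 api=RegEnumKeyExW args=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2022-11-25T18:24:32 pid=3736 api=NtCreateFile args=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
2022-11-25T18:24:32 pid=3736 api=NtCreateFile args=C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json
2022-11-25T18:24:33 pid=3736 api=GetLogicalDrives args=
2022-11-25T18:24:33 pid=3736 api=GetDriveTypeW args=D:\
2022-11-25T18:24:33 pid=3736 api=NtCreateFile args=\\.\PhysicalDrive0
2022-11-25T18:24:34 pid=3736 api=CreateToolhelp32Snapshot args=TH32CS_SNAPPROCESS
2022-11-25T18:24:34 pid=3736 api=Process32NextW args=
2022-11-25T18:24:35 pid=4120 api=NtCreateFile args=C:\Users\Admin\Documents\notes.txt
2022-11-25T18:24:35 pid=4120 api=RegOpenKeyExW args=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"""

if __name__ == "__main__":
    hits = detect(TRACE)
    for (name, technique), recs in sorted(hits.items()):
        print(f"{technique}  {name}  ({len(recs)} IoCs)")
    print(ttps_by_pid(hits))
```

The control process (pid 4120) opens a file and a registry key too, but neither the Run key nor a document in the user's profile satisfies any rule, which is the point of keying on both the API and its argument: the API alone (NtCreateFile, RegOpenKeyExW) is called by every process on the system, and only the argument distinguishes software enumeration or credential-store access from ordinary activity. The IoC counts in the report (2, 1, 1, 14) are counts of matching records of exactly this kind.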
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 1.3MB
MD5: 164ea7f3d7de0b55cea5f2018e7b0bae
SHA1: 4df849654b7213fe9731777d852ca754a87abc3e
SHA256: 444da00a903a3e19126b5d4f116727906dc6811aba34efe868b2bff091fe1e0b
SHA512: 463a8eea84780d9e491b9025b722feea0dbbff77e0a1aa6070957998bfb325adba9f2f533cbd04db69e9ccfef8135750fcf86cb97e11101b03ae0e78c3c41839

Filesize: 11KB
MD5: 00a0194c20ee912257df53bfe258ee4a
SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Filesize: 9KB
MD5: ab73c0c2a23f913eabdc4cb24b75cbad
SHA1: 6569d2863d54c88dcf57c843fc310f6d9571a41e
SHA256: 3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
SHA512: 99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8

Filesize: 9KB (second dropped file with the same content as the previous entry)
MD5: ab73c0c2a23f913eabdc4cb24b75cbad
SHA1: 6569d2863d54c88dcf57c843fc310f6d9571a41e
SHA256: 3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
SHA512: 99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8

Filesize: 6KB
MD5: ebc5bb904cdac1c67ada3fa733229966
SHA1: 3c6abfa0ddef7f3289f38326077a5041389b15d2
SHA256: 3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75
SHA512: fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Filesize: 6KB (second dropped file with the same content as the previous entry)
MD5: ebc5bb904cdac1c67ada3fa733229966
SHA1: 3c6abfa0ddef7f3289f38326077a5041389b15d2
SHA256: 3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75
SHA512: fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f