Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

b9508eca3f...53.exe

windows7-x64

8

b9508eca3f...53.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    66s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9508eca3f9a56d2a93bca1b34a9080b18efa0b782200a91d93c02c0afad0d53.exe

  • Size

    581KB

  • MD5

    1087b44d6a6c573ebed09ea02969590f

  • SHA1

    854df27c301f865aa9fd9312cfa5712b30a9bb5e

  • SHA256

    b9508eca3f9a56d2a93bca1b34a9080b18efa0b782200a91d93c02c0afad0d53

  • SHA512

    ac2785f1362294334850a38bebee599c592f19adf3a20cee7630a3faef39216c1e6043d036cc77621fd9107ba8304a04daa1e1cadb8d5ff699b1df36b183ee73

  • SSDEEP

    12288:3QFagl4ZjL++kpFDI+4hPBH1S4+gHRMEM9LCB9Gl/DN:3QFNC+fI+g1S4+gHOt9LCc/D

Score
8/10
upx

Malware Config

Signatures

  • Downloads MZ/PE file
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9508eca3f9a56d2a93bca1b34a9080b18efa0b782200a91d93c02c0afad0d53.exe
    "C:\Users\Admin\AppData\Local\Temp\b9508eca3f9a56d2a93bca1b34a9080b18efa0b782200a91d93c02c0afad0d53.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4316

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4316-132-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-135-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4316-136-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-138-0x00000000005E0000-0x0000000000672000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4316-137-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-139-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-140-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-141-0x0000000002150000-0x0000000002282000-memory.dmp

    Filesize

    1.2MB

    Download