Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
160s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25/11/2022, 19:00
General
-
Target
EventsLogs.exe
-
Size
90KB
-
MD5
dbfe6f37ed2016491d78774fcfc97d87
-
SHA1
7e2b467a3e6ef01c903c361b0e6c17726184a3fd
-
SHA256
92e6110bd2e1e29ad1066f7778e6c7ee6f94413aa294b0c71b16308c49e87017
-
SHA512
3209e7b273418e791a1890e33ddb34659935a9d78dde6d98a8b8729acddd2cc8e7ac0968eb5aaf4b669092b31d3966b0822c57f449c78751910a4c323718b0fa
-
SSDEEP
1536:WXeAZLLL1GXAQ5kCo7WQldwDQfqbs28Bbqfs7qvT6YoBG/yXr3RDB:WyQBPpCJ8FYvmBG/y7h1
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\EventsLogs.exe"C:\Users\Admin\AppData\Local\Temp\EventsLogs.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wscript.exewscript.exe "C:\Users\Admin\AppData\Local\Temp\94.233.8.2372.vbs"2⤵
- Suspicious use of FindShellTrayWindow
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD590fb91ea9f33b44cefb0dd5175ecc5e2
SHA1545865e5d4382381587a7b07fb7487ac189e41ff
SHA256cd9ebb7eef204f7bf95a965b5e0c4e966f64f2c802bd7b82d08754b0bf1a8956
SHA512bc0f8ab2b74d1f353d40cc13d8c402dbebb504e485d679929ed12f3ed99d033d5440ff6ffd6189066b7c4fa2bc44b77e61588d00c977a8ee4df4f55f90b1a864