Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

d632b3decf...10.exe

windows7-x64

9

d632b3decf...10.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    288s
  • max time network
    307s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2022, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10.exe

  • Size

    2.8MB

  • MD5

    d40e282b4631e382d02efefcc48c5e39

  • SHA1

    d94ffe792309fe24806fc249af33170f4e4e4b9f

  • SHA256

    d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10

  • SHA512

    cdbfdc5de2f565ceca11598a24efc394d5a9f1dacb73de1a52b5d652c64e95e1877500a690e7ee5cdef2ccd4d622be8e60a008e4a69f9d43c68b8aeab36c17a4

  • SSDEEP

    49152:3Fo6OJcXyRtQsWk0/w0Pelu8G5Uowg63javfA72lDKazLOvz2ii:3FbscX8usWBxPeoVOoavalDKa0Cx

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10.exe
    "C:\Users\Admin\AppData\Local\Temp\d632b3decfdafc85f913819b80bb6795fad2e762b9fde43dbe809c5e3f9fbd10.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\6536A41F-F56A-6E4A-B97C-762FAA90AAC8\InstSupp.dll",CmdProc --Level --Supp 1 --Ver 181
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:2532
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\6536A41F-F56A-6E4A-B97C-762FAA90AAC8\InstSupp.dll",CmdProc --Goo --Proc checkinstall --Supp 1 --Cid D72866EA-5840-3D48-9B2F-0283BEFC4BAD --Tid UA-54395801-1
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:3856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6536A41F-F56A-6E4A-B97C-762FAA90AAC8\InstSupp.dll
    Filesize

    272KB

    MD5

    5b3bd2e813b510427d82c9674256284f

    SHA1

    1ab9ce3eb884e8a4b5fb49ac39a6e14d49ca8adc

    SHA256

    6dae0441e150d372086530bb7e3cf3a3a1233728815f8a5e79e5b1e78ba3ecdc

    SHA512

    f05c0cb9b92a40078e539578c36f23ae55359fe39aff588d63e87ad4f692dc62699737e21dcad20c76676f457e70116db6d56bb4d215e0dbf26e7df6327acfdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\6536A41F-F56A-6E4A-B97C-762FAA90AAC8\InstSupp.dll
    Filesize

    272KB

    MD5

    5b3bd2e813b510427d82c9674256284f

    SHA1

    1ab9ce3eb884e8a4b5fb49ac39a6e14d49ca8adc

    SHA256

    6dae0441e150d372086530bb7e3cf3a3a1233728815f8a5e79e5b1e78ba3ecdc

    SHA512

    f05c0cb9b92a40078e539578c36f23ae55359fe39aff588d63e87ad4f692dc62699737e21dcad20c76676f457e70116db6d56bb4d215e0dbf26e7df6327acfdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\6536A41F-F56A-6E4A-B97C-762FAA90AAC8\InstSupp.dll
    Filesize

    272KB

    MD5

    5b3bd2e813b510427d82c9674256284f

    SHA1

    1ab9ce3eb884e8a4b5fb49ac39a6e14d49ca8adc

    SHA256

    6dae0441e150d372086530bb7e3cf3a3a1233728815f8a5e79e5b1e78ba3ecdc

    SHA512

    f05c0cb9b92a40078e539578c36f23ae55359fe39aff588d63e87ad4f692dc62699737e21dcad20c76676f457e70116db6d56bb4d215e0dbf26e7df6327acfdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsg91D7.tmp\System.dll
    Filesize

    11KB

    MD5

    3e6bf00b3ac976122f982ae2aadb1c51

    SHA1

    caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    SHA256

    4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    SHA512

    1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsg91D7.tmp\System.dll
    Filesize

    11KB

    MD5

    3e6bf00b3ac976122f982ae2aadb1c51

    SHA1

    caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    SHA256

    4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    SHA512

    1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    Download Submit