Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

1.08.exe

windows7-x64

8

1.08.exe

windows10-2004-x64

8

SmartHideIPSetup.exe

windows7-x64

7

SmartHideIPSetup.exe

windows10-2004-x64

7

上門小姐網.url

windows7-x64

1

上門小姐網.url

windows10-2004-x64

1

博天堂�...��.url

windows7-x64

1

博天堂�...��.url

windows10-2004-x64

1

参考.bat

windows7-x64

1

参考.bat

windows10-2004-x64

1

國產AV�...��.url

windows7-x64

1

國產AV�...��.url

windows10-2004-x64

1

搞處女.url

windows7-x64

1

搞處女.url

windows10-2004-x64

1

深夜操逼逼.url

windows7-x64

1

深夜操逼逼.url

windows10-2004-x64

1

自动安�...29.exe

windows7-x64

自动安�...29.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    186s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.08.exe

  • Size

    2.9MB

  • MD5

    3984dd1bbadf1e28e79018aa86f63a4d

  • SHA1

    68ecec1582a509d74c5157148b2940a20a6eb725

  • SHA256

    611a8d361d04a71e5d5fa72cc8b24665fd8f09c39c3d4902f69e3c8c8e3e37a7

  • SHA512

    af3ed54732d1b0f9a96926d9fc3c793b128c9f895e7117ffbe322403ea844b924b885cc2b066024fb1df510e80d946dc618ce3a08abd6a68a036681e7dad7aa6

  • SSDEEP

    49152:0ypa4po00ODZCPLFDoOIV38iFUYgc+qY/NBqRp1vbp6jHlVgkc1jYCASMO70mbdl:0d4ykFCBU7tmncmsp5kHlEnP0mbdE3qz

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.08.exe
    "C:\Users\Admin\AppData\Local\Temp\1.08.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Users\Admin\AppData\Local\Temp\is-NQOPT.tmp\1.08.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NQOPT.tmp\1.08.tmp" /SL5="$A0030,2830081,72704,C:\Users\Admin\AppData\Local\Temp\1.08.exe"
      2⤵
      • Executes dropped EXE
      PID:4244

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-NQOPT.tmp\1.08.tmp
    Filesize

    694KB

    MD5

    ce9f5fb67f79ac919a7029331728aed0

    SHA1

    9f4c20cabc6f4b920362b9ec5d939237f332c3d2

    SHA256

    0e379fac5f64bb9b7788478f40df4f0f7d20db46abf010276825d0115f65a856

    SHA512

    8d828bded5e9cf3a5eb4a9d292dca6249f9be6c08142f2ad6243ae2a751b84e329c4529f2de247e87d9a40ac87f750aede368c79f3bbce74c5f917362378bdb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-NQOPT.tmp\1.08.tmp
    Filesize

    694KB

    MD5

    ce9f5fb67f79ac919a7029331728aed0

    SHA1

    9f4c20cabc6f4b920362b9ec5d939237f332c3d2

    SHA256

    0e379fac5f64bb9b7788478f40df4f0f7d20db46abf010276825d0115f65a856

    SHA512

    8d828bded5e9cf3a5eb4a9d292dca6249f9be6c08142f2ad6243ae2a751b84e329c4529f2de247e87d9a40ac87f750aede368c79f3bbce74c5f917362378bdb9

    Download Submit

  • memory/3224-133-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3224-138-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download