Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

2fb62da8e0...58.exe

windows7-x64

7

2fb62da8e0...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fb62da8e0acd5681c6333e7c3d5ca113de0c4cb2fbb7459fb53f89dd1ee6958.exe

  • Size

    27.9MB

  • MD5

    59a18099ba4ebc0c50ca150a253832c5

  • SHA1

    612ad03c784a46eb00ec55a72bf0326495b6b1af

  • SHA256

    2fb62da8e0acd5681c6333e7c3d5ca113de0c4cb2fbb7459fb53f89dd1ee6958

  • SHA512

    b2d8142cf97b9d7e5606a0fffb3adeb03bcf98547a266a61b3f1258d9b25264edfc69d870be4262e49c823c95ea1ea53fd1536d1efb6a3fc2752eebd5a022d6e

  • SSDEEP

    393216:TTLZst3s1y1x4Jx6UpAlOitUvhmpIKNINNZrNjSrFqLX6VsmnRdmK1/Fj5GC12iQ:ToiP+mhnNNZBmQTmRlN9GC35/KaAf/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fb62da8e0acd5681c6333e7c3d5ca113de0c4cb2fbb7459fb53f89dd1ee6958.exe
    "C:\Users\Admin\AppData\Local\Temp\2fb62da8e0acd5681c6333e7c3d5ca113de0c4cb2fbb7459fb53f89dd1ee6958.exe"
    1⤵
    • Loads dropped DLL
    PID:4140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsr7380.tmp\BrandingURL.dll
    Filesize

    4KB

    MD5

    71c46b663baa92ad941388d082af97e7

    SHA1

    5a9fcce065366a526d75cc5ded9aade7cadd6421

    SHA256

    bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

    SHA512

    5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr7380.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    9a886711c559308c39c01c20e9d9a1e3

    SHA1

    0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

    SHA256

    98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

    SHA512

    4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr7380.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    9a886711c559308c39c01c20e9d9a1e3

    SHA1

    0f27cf1cf6e4960e140651b68d72ed4b92c58e9e

    SHA256

    98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4

    SHA512

    4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3

    Download Submit

  • memory/4140-135-0x00000000031A1000-0x00000000031A3000-memory.dmp

    Filesize

    8KB

    Download