Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

bfc12957a4...86.exe

windows7-x64

3

bfc12957a4...86.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe

  • Size

    391KB

  • MD5

    69d3efdcefbe2c48da373869723c4581

  • SHA1

    36e7359bc003ef18410def193e5dc58833c398e4

  • SHA256

    bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86

  • SHA512

    43a9eac776d5dca213e921f8e2bf0fd0c9ee77f14ee86ddb2d33612f70590a0189ecd55eb93b06df0351459e11a4cb771e07ecefb77fd857200791c8c210828b

  • SSDEEP

    6144:oob6m1dFAokqnYV9wpmqSafvaxcEBRylI:o+1PA/qnYV9wpmqSafvaOEBRy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe
    "C:\Users\Admin\AppData\Local\Temp\bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1264
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.png
    Filesize

    35KB

    MD5

    5f09d62eda2251f78c5097a3e314c6ce

    SHA1

    7ba414d49a90cd94e3965fb9369821dbc56c29e3

    SHA256

    2c8756a70dd4bcd8d00969990d2a6f2312269f1ca1fdea76a63f08e6de8cf408

    SHA512

    4a47f320c718dca03f1b0506478900ed727082a4ee5817161cfa3a1fc62c72803d26fec185dff625799a2c1925045a775081aad29a428897a6c80215c024aa9d

    Download Submit

  • memory/1264-54-0x0000000076711000-0x0000000076713000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1264-55-0x0000000074F00000-0x00000000754AB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1264-57-0x0000000074F00000-0x00000000754AB000-memory.dmp

    Filesize

    5.7MB

    Download