Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

b32051f148...bb.exe

windows7-x64

8

b32051f148...bb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b32051f148d14ec759f5ff05e8baad7c9e97e3ee73aaade3b607496de37709bb.exe

  • Size

    3.4MB

  • MD5

    21f420cf12acf484d126f5b153131e7a

  • SHA1

    46979b39b5b3ec52d3a9d582cf74a9c96e8cc26e

  • SHA256

    b32051f148d14ec759f5ff05e8baad7c9e97e3ee73aaade3b607496de37709bb

  • SHA512

    a058ce6bf174596a036a20f961c19b307ecf08dd6aeae4b85aa10aa6e1547236673e239510e3279f6851e31aa3d2a68ccf308231e6a31b679c93e41b3a8b270b

  • SSDEEP

    98304:c3BRF/1E74wVxlc5H6rtojimBHeT0yzvmt2gupE2r:c6GOmsT0yji2guz

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b32051f148d14ec759f5ff05e8baad7c9e97e3ee73aaade3b607496de37709bb.exe
    "C:\Users\Admin\AppData\Local\Temp\b32051f148d14ec759f5ff05e8baad7c9e97e3ee73aaade3b607496de37709bb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\ProgramData\wdgame\Installapk.exe
      "C:\ProgramData\wdgame\Installapk.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\wdgame\Installapk.exe
    Filesize

    2.6MB

    MD5

    8606ce3007385eb44192d1224eef7e11

    SHA1

    eb8b48cad09c2d3aef6ad512592482c449847526

    SHA256

    c1aad5940d5a044cc9dae9ee9087d664b07683228414f14b6963a71cd9947bca

    SHA512

    146c856bdad9aa0503389cf5bf155277df584d9bc14041d05f845eb5f32cea1f6176c5700210509d903dab2a5229f8750fdd2590e650d9233c2efa2fb5c1ad7a

    Download Submit

  • C:\ProgramData\wdgame\Installapk.exe
    Filesize

    2.6MB

    MD5

    8606ce3007385eb44192d1224eef7e11

    SHA1

    eb8b48cad09c2d3aef6ad512592482c449847526

    SHA256

    c1aad5940d5a044cc9dae9ee9087d664b07683228414f14b6963a71cd9947bca

    SHA512

    146c856bdad9aa0503389cf5bf155277df584d9bc14041d05f845eb5f32cea1f6176c5700210509d903dab2a5229f8750fdd2590e650d9233c2efa2fb5c1ad7a

    Download Submit

  • C:\ProgramData\wdgame\conapk.ini
    Filesize

    231B

    MD5

    b4c067fa5ce238cb34851b1e24d1ed22

    SHA1

    b0f47a0e43feb2bd49c2787a1e64367ef36544bb

    SHA256

    76e2b09d5111cbc1c7a294fe0cc29d51b66af17cd2703690e4bd66e9d524e86f

    SHA512

    004f37752d03370c6a4c5d54452c15c941c992c975005078b8baafffc00809afe858b425030da70605ff8a9d850094f7435267eeda3aabf7c53781e70986bb7c

    Download Submit