Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
98s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
27/11/2022, 14:52
General
-
Target
d6efcaa582cfcafdff6e26080dac8dd77adf826c26a37a7c4dfeeac875553ee9.exe
-
Size
91KB
-
MD5
ad9cb78d956e19aa435da393b082f792
-
SHA1
f34af8c9befa8a7bf6d29b6c7a20f7b421c799f4
-
SHA256
d6efcaa582cfcafdff6e26080dac8dd77adf826c26a37a7c4dfeeac875553ee9
-
SHA512
29e20edc05913be0f6a14f437eb121a6fe457a16fb8d00f14cbf9b00539e479c2e69b8b440c9021e6cdc491c6aa643a133f42175b73788363ec2152f75efaa35
-
SSDEEP
1536:rwbpmZEguoM0NzVXAG+7Dj3DDqL1HHTWS6px6HH84:0bpmZEzYVXAb3iTWjxSH84
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6efcaa582cfcafdff6e26080dac8dd77adf826c26a37a7c4dfeeac875553ee9.exe"C:\Users\Admin\AppData\Local\Temp\d6efcaa582cfcafdff6e26080dac8dd77adf826c26a37a7c4dfeeac875553ee9.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://cs606517.vk.me/v606517550/1de7/fLkWmWbc3AA.jpg2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5a2691458365084a91449db5d055670fb
SHA1aabab35f39c0ebafe75844f4850fad8b3b3d8627
SHA256e624170785a0dedde432697d4c2fff60e7fbbe96df91b3448912d3a80988378e
SHA512898cc0adaa48ed79536cdbb1f6412ada9419891793c5496a7dacb3a0aaa3d1c97fe03b79e37c3ffd2eb7e7625e3c5125caa850f08a1eaef820e917745a9103fc
-
Filesize
1KB
MD5c30515639cdb85b1fb619e84233c0d5f
SHA161a7848bb12959b841105da1685888d48cbb072d
SHA25635f9c9dd568c8c49e9d1adc99dfae841abdccf6cae9344068f3c387465e5704a
SHA5124f8fafc0047fa10283cf7b47c7b2e8a87d8feadd21b22b7b3765e462f5b1deb795203582c2c0b76cba5749f47e2c4397a31fe0f6b4d5837f42b327e9a6bfcafd
-
Filesize
603B
MD55c4f4cd30648cb07b46649ff9ce9d24b
SHA1e76020b3689b4504a62ec1906801c11a28ec3cfa
SHA25632d4d6c0e36ff4b2542f370197dea1d4e9e50220b7e1649063a90a2060304d10
SHA512f1fb09b19f65de13ebd06fcccf98cdd0efa0467a49f906f2e76bb79a60bcd81d6a08d17bce270a940f8640997b5a3d1455d2bc4b081f158b295c87e9a17f0e36
-
Filesize
8KB
-
Filesize
5.7MB