Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    242KB

  • MD5

    b8069d23a93b5f1e67e2603d12b80057

  • SHA1

    43d7b58527d7d09655b2f3f38347d6263aea5306

  • SHA256

    341914f20b5ea442c4edc1e0dd28a303629d734cabd1058f26c8d2c8def76412

  • SHA512

    2d8674f144cf56a4cea346014cfa446ff11cc5846fabca9975ac06a7959b099f4a514913892deb7aabe0a978d08519f423c955905d6693acee0a9242fcdfb7c3

  • SSDEEP

    6144:yZXBsWqsE/Ao+mv8Qv0LVmwq4FU0nN876sahikaHam0/X:0XmwRo+mv8QD4+0N46lIP0/

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\House\Dorm\instagramm.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:1308
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\House\Dorm\slonopotam.vbs"
      2⤵
        PID:1104
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\House\Dorm\bi2puk.vbs"
        2⤵
          PID:1076

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\House\Dorm\3.txt
        Filesize

        16B

        MD5

        3845a9c3812194a5c2f3d785a9ae5dd9

        SHA1

        44001d7a8e8f4c1c418647fca03247466864e0cf

        SHA256

        d4d4e47b39bda4cdcda2d0275158673517c271014b3d49b3fdebf1c9411e5c22

        SHA512

        37bfe6644e334237747d72a08387338cef9321a13462d2bbfa2b3c5ad57f398f1cb51140fc3103ca12d47ce5992485b64a5f295a882a6e68c02254dcdbc73155

        Download Submit

      • C:\Program Files (x86)\House\Dorm\4.txt
        Filesize

        27B

        MD5

        213c0742081a9007c9093a01760f9f8c

        SHA1

        df53bb518c732df777b5ce19fc7c02dcb2f9d81b

        SHA256

        9681429a2b00c27fe6cb0453f255024813944a7cd460d18797e3c35e81c53d69

        SHA512

        55182c2e353a0027f585535a537b9c309c3bf57f47da54a16e0c415ed6633b725bf40e40a664b1071575feeb7e589d775983516728ec3e51e87a0a29010c4eb9

        Download Submit

      • C:\Program Files (x86)\House\Dorm\bi2puk.vbs
        Filesize

        869B

        MD5

        a8c65a802cd817f4bed76811a1faf4e8

        SHA1

        00d9023422887d0dc33d61de6678d99d047ab721

        SHA256

        a60b15a0c941614f430ccb573416b8b79ab7ffff33007115c62d5c01b84fe08b

        SHA512

        979cbf39b9f5a1b3b7278d4d7e324cc914e489f5bcdc06570a4a71d1a7b30bc6b2ec8e781f4212a358ce7510a94ec00a5cc928e66d44fa3a5adf09d515663b27

        Download Submit

      • C:\Program Files (x86)\House\Dorm\instagramm.bat
        Filesize

        1KB

        MD5

        16b8b27337afd54ab867d76fe87294b6

        SHA1

        3683b604e5a1b94d7a14cac1ae06f3fe03cbe875

        SHA256

        f7f4b4151a2eb9bc55cca04e60bed9c4f88563af552c039ee09302c4a663599c

        SHA512

        1a7d624e961edf22367b83fc948b4a45ae976f3679b009912948f29561e16d3982b958c80fa9a829b24b8c373ff9085056b85aef02fd5837f1b62ef0b6aa53c8

        Download Submit

      • C:\Program Files (x86)\House\Dorm\slonopotam.vbs
        Filesize

        260B

        MD5

        426f2d371b1ef0467f5d74384b73d6bf

        SHA1

        435f2668bea0bddc82d23e0473ceabe53704f81d

        SHA256

        a99c889eecd81a3852c8e49af84549a741ae2a6fce5e81a3f7e53b64bd54b9e3

        SHA512

        63140f5a2f9bf98349c68455f78ac8d46e08ecac06617aa56f7bf14512b439b495691b4d7746f8cb07950c4b98d41db2908c1115dd7e354acda3d6a848e86902

        Download Submit

      • memory/1560-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

        Filesize

        8KB

        Download