
Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/11/2022, 19:27

General

  • Target

    5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891.exe

  • Size

    180KB

  • MD5

    4819783dca1fe548de5237c8b848de92

  • SHA1

    d9f5b0b55b2e2acef0b42dc323ab6a4dab9cae30

  • SHA256

    5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891

  • SHA512

    c6d8d906fd8644d6a664379746a1053ab32199a1175c79d4a3999e1e41b40930da0947d86b9029d40928b8e19e434a3e49c1dd5ae0d3526f70030134f5ce53cb

  • SSDEEP

    3072:MFJtUK/KG07R7bsDPymcZxqJHu4zzb4bc6otobKGCpEq2ArhueugxPZRnl1goL:WJtUK/n0bR30u4zn4F0EkchgdZRnl1vL

Score
9/10

Tags
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software. Caveat: this is a packer heuristic, and on UPX-packed samples it is regularly reported next to the UPX signature below; confirm the packer from the PE section table (UPX0/UPX1 section names, an empty first section, the "UPX!" marker) before attributing the sample to ACProtect.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX or a modified UPX build (the open-source packer with renamed sections or a stripped header marker). A modified build is the case to plan for: stock `upx -d` refuses to unpack it, so the sample then has to be dumped from memory after the stub has run.

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). This is a generic heuristic: drive enumeration is routine for installers and backup tools as well as ransomware, so on its own it is weak evidence. Weigh it against the rest of this report, which lists no file-modification signature and records nothing under Network.
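To check the packer verdict above independently of the sandbox signature, the following added example (not tria.ge code) walks the PE section table and reports the three UPX tells: UPX-named sections, the "UPX!" marker, and the empty first section that the unpacking stub expands into, which survives even when a modified UPX build renames the sections. The PE images it runs on are constructed minimal blobs built by `build_pe`, not the submitted executable; the section layouts are assumptions chosen to illustrate stock, renamed and unpacked cases.

```python
"""Verify a "UPX packed file" verdict from the PE section table instead of
trusting the sandbox signature alone.  Added example, not tria.ge code; the
images it parses are constructed minimal PE blobs, not the submitted sample."""
import struct

DOS_MAGIC = b"MZ"
NT_MAGIC = b"PE\0\0"
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECTION_HEADER_LEN = 40


def parse_sections(pe: bytes):
    """Return [(name, virtual_size, raw_size), ...] from the section table,
    or [] if the buffer is not a PE image or is truncated before the headers."""
    if len(pe) < 0x40 or pe[:2] != DOS_MAGIC:
        return []
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != NT_MAGIC:
        return []
    # COFF header follows the 4-byte PE signature: NumberOfSections at COFF+2,
    # SizeOfOptionalHeader at COFF+16; the section table starts after the optional header.
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_LEN
        if off + SECTION_HEADER_LEN > len(pe):
            break  # truncated table: keep the headers that are present
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, _va, rawsize = struct.unpack_from("<III", pe, off + 8)
        sections.append((name, vsize, rawsize))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Three independent UPX tells. Stock UPX leaves all three; a modified build
    often renames the sections and strips the marker but still needs the empty
    first section (raw size 0, non-zero virtual size) to unpack into at run time."""
    sections = parse_sections(pe)
    names = [s[0] for s in sections]
    return {
        "upx_section_names": any(n in UPX_SECTION_NAMES for n in names),
        "upx_marker": b"UPX!" in pe,
        "empty_first_section": len(sections) >= 2 and sections[0][2] == 0 and sections[0][1] > 0,
        "sections": [n.decode("latin-1") for n in names],
    }


def looks_upx_packed(pe: bytes) -> bool:
    ind = upx_indicators(pe)
    return ind["upx_section_names"] or ind["upx_marker"] or ind["empty_first_section"]


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE image for testing (constructed input, not a real
    executable: SizeOfOptionalHeader is 0 and no section data is emitted).
    sections = [(name, virtual_size, raw_size), ...]."""
    dos = DOS_MAGIC + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)   # i386, no optional header
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0, rawsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rawsize in sections
    )
    return dos + NT_MAGIC + coff + table + trailer


# Constructed samples: stock UPX layout, a renamed "modified UPX" layout, and a plain build.
STOCK_UPX = build_pe([(b"UPX0", 0x10000, 0), (b"UPX1", 0x8000, 0x7000), (b".rsrc", 0x1000, 0x800)], b"UPX!")
RENAMED_UPX = build_pe([(b".text", 0x10000, 0), (b".data", 0x8000, 0x7000), (b".rsrc", 0x1000, 0x800)])
PLAIN = build_pe([(b".text", 0x1000, 0x1000), (b".rdata", 0x800, 0x800), (b".data", 0x400, 0x200)])

if __name__ == "__main__":
    for label, blob in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, looks_upx_packed(blob), upx_indicators(blob))
```

Run it against a real file by passing `open(path, "rb").read()` to `upx_indicators`; the per-tell dictionary matters more than the boolean, since a file that only trips `empty_first_section` may be another packer with the same layout and should be confirmed by dumping the process from memory.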

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891.exe
    "C:\Users\Admin\AppData\Local\Temp\5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891.exe"
    1⤵
    • Loads dropped DLL
    PID:1644

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\System.dll

    Filesize

    23KB

    MD5

    f56835dc4234fc299d1d955801e0d2d0

    SHA1

    751084b7b9819f3f4eaf1d6c0f3b9a7323a8061c

    SHA256

    70de74c6bfb6edea88295acb4927edf119ec6471bee0084b849b95bd164530e3

    SHA512

    00017f0d0cd8627638a2602cc92b647f844d488e0ea52f4f78dd96e115b5dd46a9e3140150d495a57aae1805f7d59b5767e659026383691ade363630bbf7427b

  • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\inetc.dll

    Filesize

    25KB

    MD5

    29e2dcdfb57ee3ab5e2bbc2fc3c42f02

    SHA1

    bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

    SHA256

    2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

    SHA512

    f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

  • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\nsDialogs.dll

    Filesize

    11KB

    MD5

    d90beb6eed8211459108fb7e95cbd6cc

    SHA1

    fd2c4a9fe2dab3bceebbd53e0b5491d568267c84

    SHA256

    32046317f3c8c45514e15b1beb0f241aa06cf2e1d9f9c795e18ab14215677275

    SHA512

    284ba6a0626b708943eab6b86fd94774a91b43f17a72f2341243f0b42749261072b096ef8c9a6375da848b4c8ac7c04e6599894869bd371d9c592162d15c019a

  • C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\nsRichEdit.dll

    Filesize

    5KB

    MD5

    02f1858b3131ffc3fc5e3a5391d3a489

    SHA1

    454a6d749cf55ff990bd9f57941aca9d1f1674f6

    SHA256

    f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12

    SHA512

    8147fa8014a5065f4fed7de1fbb9c2ee2c1b94d63596f7bbcf6821ecd41a73d25ebdfa1e71ca74d7598cba063042b6dfcaf050a23d0c855a7b6fbc94147ab41b

  • memory/1644-135-0x0000000073C60000-0x0000000073C69000-memory.dmp

    Filesize

    36KB

  • memory/1644-137-0x0000000073C60000-0x0000000073C69000-memory.dmp

    Filesize

    36KB
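The hash inventory above is what a responder will match against on other hosts. The following added example (not tria.ge tooling) transcribes the MD5/SHA1/SHA256 of the target and the four dropped DLLs into a table and checks a file against it, distinguishing a full match from a partial one: when several algorithms are published and only one agrees, that is a transcription error or a deliberately colliding file, not the same sample. The bytes it hashes in its test are constructed, not the real files.

```python
"""Match a file against the hash IOCs listed in this report and tell a full
match from a partial one.  Added example, not tria.ge tooling; the IOC table is
transcribed from the report above (md5/sha1/sha256), the sample bytes are constructed."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Transcribed from the report: the submitted target and the four DLLs dropped
# under C:\Users\Admin\AppData\Local\Temp\nsh4037.tmp\.
REPORT_IOCS = {
    "5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891.exe": {
        "md5": "4819783dca1fe548de5237c8b848de92",
        "sha1": "d9f5b0b55b2e2acef0b42dc323ab6a4dab9cae30",
        "sha256": "5a5b124ea2a46a64b21ad13afe22a2e8bdfe88afe1afee8a2d6b096fa84fd891",
    },
    "System.dll": {
        "md5": "f56835dc4234fc299d1d955801e0d2d0",
        "sha1": "751084b7b9819f3f4eaf1d6c0f3b9a7323a8061c",
        "sha256": "70de74c6bfb6edea88295acb4927edf119ec6471bee0084b849b95bd164530e3",
    },
    "inetc.dll": {
        "md5": "29e2dcdfb57ee3ab5e2bbc2fc3c42f02",
        "sha1": "bd6cafcce5b70ee15311f9f53e9fd4aac819ccda",
        "sha256": "2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f",
    },
    "nsDialogs.dll": {
        "md5": "d90beb6eed8211459108fb7e95cbd6cc",
        "sha1": "fd2c4a9fe2dab3bceebbd53e0b5491d568267c84",
        "sha256": "32046317f3c8c45514e15b1beb0f241aa06cf2e1d9f9c795e18ab14215677275",
    },
    "nsRichEdit.dll": {
        "md5": "02f1858b3131ffc3fc5e3a5391d3a489",
        "sha1": "454a6d749cf55ff990bd9f57941aca9d1f1674f6",
        "sha256": "f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12",
    },
}


def fingerprint(data: bytes) -> dict:
    """Hash the file once per algorithm the report publishes."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match_ioc(fp: dict, ioc: dict) -> str:
    """'full' when every algorithm the IOC carries agrees, 'none' when none do,
    'partial' otherwise. A partial match must not be reported as a hit: with
    several algorithms published, a lone MD5 hit against a differing SHA-256
    means a bad transcription or a colliding file, not the same sample."""
    present = [a for a in ALGOS if a in ioc]
    if not present:
        return "none"
    hits = [a for a in present if ioc[a].lower() == fp[a]]
    if len(hits) == len(present):
        return "full"
    return "partial" if hits else "none"


def scan(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Return [(ioc_name, 'full' | 'partial'), ...] for every report entry the file touches."""
    fp = fingerprint(data)
    results = []
    for name, ioc in iocs.items():
        verdict = match_ioc(fp, ioc)
        if verdict != "none":
            results.append((name, verdict))
    return results


if __name__ == "__main__":
    import sys
    # Usage: python ioc_match.py <file>; without an argument it hashes a constructed placeholder.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"constructed placeholder bytes"
    print(scan(data) or "no report IOC matched")
```

Only a `full` verdict should feed a blocklist; route `partial` results to a human, and keep the SHA-512 values from the report on hand for the tie-break if a collision is suspected.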