Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3a98c5cfe6...ab.exe

windows7-x64

8

3a98c5cfe6...ab.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    237s
  • max time network
    337s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a98c5cfe6a541555036037dca48edee5e62ada54ad68cbebd6c5fae0975e7ab.exe

  • Size

    193KB

  • MD5

    26b43bf9e8326eafd135cd51417a276c

  • SHA1

    a6c3087c8aaa8c8cd465f2a455c7f40f21ae8c6b

  • SHA256

    3a98c5cfe6a541555036037dca48edee5e62ada54ad68cbebd6c5fae0975e7ab

  • SHA512

    3d4df450c2a9433a4e8b5a4536164f2637f6088f7f093b30b8a047bf736dfb7a89021eb43c1002d5f44fcaaa6eb5a80ddcd32b26a8ff8c07cea5761c6f0f3a75

  • SSDEEP

    3072:+zJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhiUF2iDcGC9YFT8U:9WROJNhpeBUDnq/FPW9eAU

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a98c5cfe6a541555036037dca48edee5e62ada54ad68cbebd6c5fae0975e7ab.exe
    "C:\Users\Admin\AppData\Local\Temp\3a98c5cfe6a541555036037dca48edee5e62ada54ad68cbebd6c5fae0975e7ab.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Users\Admin\AppData\Roaming\unzip.exe
      "C:\Users\Admin\AppData\Roaming\unzip.exe" -P fucker0202# flash.zip
      2⤵
      • Executes dropped EXE
      PID:1588

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\unzip.exe
    Filesize

    161KB

    MD5

    fecf803f7d84d4cfa81277298574d6e6

    SHA1

    0fd9a61bf9a361f87661de295e70a9c6795fe6a1

    SHA256

    81046f943d26501561612a629d8be95af254bc161011ba8a62d25c34c16d6d2a

    SHA512

    a4e2e2dfc98a874f7ec8318c40500b0e481fa4476d75d559f2895ce29fbe793a889fb2390220a25ab919deac477ada0c904b30f002324529285bda94292b48a4

    Download Submit

  • memory/1032-54-0x000007FEF3D90000-0x000007FEF47B3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1032-55-0x000007FEF2710000-0x000007FEF37A6000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/1032-56-0x0000000000B06000-0x0000000000B25000-memory.dmp

    Filesize

    124KB

    Download