Analysis

  • max time kernel
    91s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/11/2022, 01:23 UTC

General

  • Target
    de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc.exe
  • Size
    535KB
  • MD5
    180f21c876bcf411fc6be43f1871072d
  • SHA1
    25767211bcf64f387ecdc74f512ff2a99a6f0cc8
  • SHA256
    de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc
  • SHA512
    8d449a14076268905a87f3a9b1edc99e55af550bc6e8874532fb6e9b6804d1de3c27f218d6e1eb006b9ff66c5172f46794567b3f266cd2dd75ff046a0c046785
  • SSDEEP
    12288:8Blq9I8/ZdkB7qeGvRHHVlXqgGzP+4WvX5nxzpsBc8gdlLGc/:83qi8ANGZH6RT+L9xaBc8gac/

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses a command-line utility to inspect or change network configuration (here ipconfig /release, which drops the host's DHCP lease rather than only displaying settings).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
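
The "UPX packed file" signature above is reported as a hit without showing the check behind it. The following is an added example, not tria.ge's own detection logic, of how a practitioner can reproduce that verdict from the PE section table alone: stock UPX leaves the `UPX0`/`UPX1` section names, and even a modified build that renames them keeps the tell-tale layout of a first section with a large virtual size and zero bytes on disk (the unpacking destination) followed by the packed section. The PE images the script builds are constructed, non-loadable test data; the section sizes in them are made up.

```python
import struct

# Section names written by stock UPX. Modified UPX builds commonly rename
# them, which is why the layout heuristic below is checked as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes in total).
    num_sections, size_opt = struct.unpack_from("<H12xH", data, coff + 2)
    table = coff + 20 + size_opt
    out = []
    for i in range(num_sections):
        name, vsize, _va, raw_size = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, raw_size))
    return out


def upx_indicators(data: bytes):
    """Return the list of UPX indicators found (an empty list means none)."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    hits = []
    if UPX_SECTION_NAMES & set(names):
        hits.append("section names: " + ", ".join(n.decode("latin-1") for n in names))
    # Stock UPX layout: the first section is the unpacking destination, so it
    # occupies virtual space but has no bytes on disk; the packed payload
    # lives in the (smaller) second section.
    if len(sections) >= 2:
        _, vsize0, raw0 = sections[0]
        _, vsize1, raw1 = sections[1]
        if raw0 == 0 and vsize0 > 0 and raw1 > 0 and vsize0 > vsize1:
            hits.append(f"empty first section ({vsize0:#x} virtual, 0 raw) followed by packed section")
    return hits


def build_pe(sections):
    """Construct a minimal, non-loadable PE32 image with the given section table (test data only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 optional header, zeroed apart from Magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table = b""
    va = 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, raw,
                             0, 0, 0, 0, 0, 0x60000020)
        va += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + opt + table


# Constructed images (not real files): a stock-UPX layout, the same layout with
# renamed sections, and an ordinary unpacked build.
STOCK_UPX = build_pe([(b"UPX0", 0x23000, 0), (b"UPX1", 0x1A000, 0x19C00), (b".rsrc", 0x1000, 0x400)])
RENAMED_UPX = build_pe([(b".text", 0x23000, 0), (b".data", 0x1A000, 0x19C00), (b".rsrc", 0x1000, 0x400)])
PLAIN = build_pe([(b".text", 0x20000, 0x20000), (b".data", 0x3000, 0x1000), (b".rsrc", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

Run it against a real sample with `upx_indicators(open(path, "rb").read())`. The layout heuristic is the one worth keeping in a triage pipeline: renaming sections costs a packer author nothing, whereas changing the two-section unpack-in-place layout means rewriting the stub.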

Processes

  • C:\Users\Admin\AppData\Local\Temp\de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc.exe
    "C:\Users\Admin\AppData\Local\Temp\de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID: 4828
    • C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe
      "C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe"
      • Executes dropped EXE
      PID: 4224
    • C:\Users\Admin\AppData\Local\Temp\sof.exe
      "C:\Users\Admin\AppData\Local\Temp\sof.exe"
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID: 2160
      • C:\Windows\SysWOW64\ipconfig.exe
        "C:\Windows\System32\ipconfig.exe" /release
        • Gathers network information
        PID: 528
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 688
        • Program crash
        PID: 3780
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2160 -ip 2160
    PID: 4812
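
The process tree above is the parent/child chain a detection rule should key on: the sample writes two executables to %TEMP% and runs both, and sof.exe then launches ipconfig /release, which cuts the host's DHCP lease. The following is an added example, not tria.ge's own signature logic, that replays constructed Sysmon-style events (ID 1 ProcessCreate, ID 11 FileCreate) modelled on that tree and raises those two findings. One caveat it handles: the ipconfig command line reads System32 while the image path is SysWOW64, because the 32-bit parent is subject to WoW64 file system redirection, so the rule matches on the image path after normalizing the WoW64 directory rather than on the command line. The event layout, the root's parent PID 1000, and the event ordering are assumptions; the PIDs and paths are taken from the report.

```python
import ntpath
from collections import defaultdict

# Constructed events in Sysmon style (1 = ProcessCreate, 11 = FileCreate), modelled on
# the process tree in the report; none of these are real log records.
EVENTS = [
    {"id": 1, "pid": 4828, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\de464519d92957e77998135284148e32b4097f51e980084d587ec8fdcacf6ccc.exe"'},
    {"id": 11, "pid": 4828, "target": r"C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe"},
    {"id": 11, "pid": 4828, "target": r"C:\Users\Admin\AppData\Local\Temp\sof.exe"},
    {"id": 1, "pid": 4224, "ppid": 4828,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe"'},
    {"id": 1, "pid": 2160, "ppid": 4828,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sof.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\sof.exe"'},
    {"id": 1, "pid": 528, "ppid": 2160,
     "image": r"C:\Windows\SysWOW64\ipconfig.exe",
     "cmdline": r'"C:\Windows\System32\ipconfig.exe" /release'},
    {"id": 1, "pid": 3780, "ppid": 2160,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 688"},
]


def norm(path):
    """Case-fold and collapse the WoW64 directory so 32-bit and 64-bit images compare equal."""
    return ntpath.normpath(path).lower().replace("\\syswow64\\", "\\system32\\")


def ancestry(pid, parents, images):
    """Walk ppid links from pid towards the root; returns [pid, parent, grandparent, ...] as far as known."""
    chain, seen = [], set()
    while pid in images and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = parents.get(pid)
    return chain


def detect(events):
    """Return alerts for dropped-and-executed binaries and ipconfig /release, each with its ancestry."""
    parents, images, cmdlines = {}, {}, {}
    dropped = defaultdict(set)  # pid -> normalized paths of files that process wrote
    alerts = []
    for ev in events:  # events arrive in time order, so state is built incrementally
        if ev["id"] == 11:
            dropped[ev["pid"]].add(norm(ev["target"]))
            continue
        pid = ev["pid"]
        parents[pid], images[pid], cmdlines[pid] = ev["ppid"], ev["image"], ev["cmdline"]
        chain = ancestry(pid, parents, images)
        image = norm(ev["image"])
        # Rule 1: the new process's image was written earlier by one of its ancestors.
        for anc in chain[1:]:
            if image in dropped[anc]:
                alerts.append({"rule": "executes dropped EXE", "pid": pid, "dropped_by": anc, "chain": chain})
                break
        # Rule 2: DHCP lease release via ipconfig. Matched on the normalized image path, not the
        # command line, because a 32-bit parent logs "System32" there while the image is SysWOW64.
        if ntpath.basename(image) == "ipconfig.exe" and "/release" in ev["cmdline"].lower().split():
            alerts.append({"rule": "ipconfig /release (drops DHCP lease)", "pid": pid, "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Keying the dropped-EXE rule on FileCreate events from an ancestor rather than on "image under %TEMP%" is what keeps it quiet on installers and updaters that legitimately run from Temp but were not written by their own parent.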

    Network

    • 104.208.16.90:443   322 B / 7
    • 67.26.207.254:80    322 B / 7
    • 67.26.207.254:80    322 B / 7
    • 67.26.207.254:80    322 B / 7
    • 67.26.207.254:80    46 B / 40 B / 1 / 1
    • 67.26.207.254:80    46 B / 40 B / 1 / 1

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Revo.Uninstaller.Pro.2.x.x.Generic.Patch-JW.exe
      Filesize  59KB
      MD5       2a0063bb4d8669ddc603064c36bb290b
      SHA1      49aefdf9e9f9d7c2f2af35c7f46dac6dc349618f
      SHA256    5e84b6a41d3df263a83f67989f1401bd02cf9e13582d124cd44260e7ef9cac08
      SHA512    9e1bce5c1c85aa4850ff7cc956147eb1bf231d8142f39152fe1b94f98be97b4f8c4853e9f5523e8b6d1c0aef60e86b02121623ba0b88583905eb69f7b14a8393

    • C:\Users\Admin\AppData\Local\Temp\sof.exe
      Filesize  512KB
      MD5       323bf98564cf2c451da969c3112b08d7
      SHA1      6009b0820241cd0443569447138d3337dd921628
      SHA256    17849a3ccfab5fe04b16c21bc366e8a1e677e3d7fa7385846da514314cdef667
      SHA512    7ec4131978b901b8fd94a29e2491edca820f0754669d11398070dcc03855c4aea6ec8c1c98846c303ebb44a6ab52fc55bb8fefe53ffa35c25757b91a6ec5a4a4

    • memory/4224-140-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize  244KB

    • memory/4224-141-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize  244KB
