Analysis
max time kernel: 112s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/11/2022, 09:06
Static task: static1
Behavioral task: behavioral1
Sample: bd8f936cc1c18d50d244fb53557bef7f3afb47aae97adf9ca2976653c6c5e333.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: bd8f936cc1c18d50d244fb53557bef7f3afb47aae97adf9ca2976653c6c5e333.exe
Resource: win10v2004-20220901-en
General
Target: bd8f936cc1c18d50d244fb53557bef7f3afb47aae97adf9ca2976653c6c5e333.exe
Size: 562KB
MD5: 93f270064f6b0f92fc106b7eb80a77dc
SHA1: e13ddd01f14f18da9273672196130a86410890e1
SHA256: bd8f936cc1c18d50d244fb53557bef7f3afb47aae97adf9ca2976653c6c5e333
SHA512: da9c85e2b73f1071dd00164bf64dd43ae82336f16d4342b81d09f379b4438955dec6dbb2436c1d20702e5f2820b3c3fe080c506e6a6d4fad58046621cf55962a
SSDEEP: 12288:7CK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMF5F:7ChqKgU79usbkx+VNJhofz765hJ
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of FindShellTrayWindow (1 IoCs)
pid: 1608, Process: bd8f936cc1c18d50d244fb53557bef7f3afb47aae97adf9ca2976653c6c5e333.exe