Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/11/2022, 11:44 UTC

General

  • Target

    9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a.exe

  • Size

    1.8MB

  • MD5

    b21c0b54ec2941a4592c57e2f788b0b4

  • SHA1

    73b2298aa6e9a04ff226aa0e9a83b4836b060e6e

  • SHA256

    9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a

  • SHA512

    94667ff28f10776d2f95e73ffa70fa33c4e8db02005e8dbf42898a39bc739c169aac53ab7f26785613811beebc392df0b6527d9275b985e343b0059e8e8dca91

  • SSDEEP

    49152:EgOC1tGFXdbhljDasY6DwOBfrnvV7UeWt2bExrl5VeQt:kC1tCd9YiwOBpIeW9rlXe2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Drops desktop.ini file(s) (2 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a.exe
    "C:\Users\Admin\AppData\Local\Temp\9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a.exe"
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:440

Network

  • 209.197.3.8:80
    46 B
    40 B
    1
    1
  • 104.109.143.97:443
    tls
    92 B
    111 B
    2
    2
  • 23.73.0.144:443
    tls
    92 B
    104 B
    2
    2
  • 209.197.3.8:80
    46 B
    40 B
    1
    1
  • 131.253.33.200:443
    40 B
    1
  • 85.143.191.58:81
    9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a.exe
    260 B
    5
  • 152.199.19.161:80
    46 B
    40 B
    1
    1
  • 95.101.78.82:80
    322 B
    7
  • 131.253.33.239:443
    40 B
    1
  • 20.42.65.85:443
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 23.73.0.144:443
    tls
    92 B
    104 B
    2
    2
  • 8.8.8.8:443
    tls
    46 B
    113 B
    1
    1
  • 8.8.8.8:443
    tls
    46 B
    113 B
    1
    1
  • 65.9.86.31:443
    tls
    92 B
    119 B
    2
    2

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\45ob2d5p.avl\7z.dll

    Filesize

    893KB

    MD5

    04ad4b80880b32c94be8d0886482c774

    SHA1

    344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

    SHA256

    a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

    SHA512

    3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

  • memory/440-132-0x0000000074880000-0x0000000074E31000-memory.dmp

    Filesize

    5.7MB

  • memory/440-134-0x0000000074880000-0x0000000074E31000-memory.dmp

    Filesize

    5.7MB
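The Signatures, Processes, Network and Downloads sections above record three things worth turning into detection logic: 7z.dll written to a per-run temp directory and then loaded by PID 440 (the "Loads dropped DLL" signature), a one-way flow from that PID to 85.143.191.58:81, and the SHA256 hashes of both the sample and the dropped DLL. The following is an added example, not code from the Triage report or its tooling: Python that reproduces those three checks over a constructed Sysmon-style event trace. The PID, paths, hashes and addresses are taken from the report; the Event field names, the second PID 1234, the desktop.ini path and the allowed-port list are assumptions made for this example.

```python
r"""Detection logic that reproduces three findings from the report above:
the 'Loads dropped DLL' signature, the one-way flow from the sample's PID
to a non-standard port (85.143.191.58:81), and hash matching against the
SHA256 values listed under General and Downloads.

Added example, not code from the Triage report or the sandbox itself.
The event records below are constructed to mirror the report; the Event
field names are Sysmon-style labels chosen for this example, not a real
log schema.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# SHA256 values copied from the report's General and Downloads sections.
KNOWN_SHA256 = {
    "9e24dd64c2484ad401e910c3c111f27475a62525c638603c08e54f4f02780a6a": "sample .exe",
    "a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338": "dropped 7z.dll",
}

# Path of the dropped DLL exactly as listed under Downloads.
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\45ob2d5p.avl\7z.dll"


@dataclass(frozen=True)
class Event:
    seq: int           # position in the trace; ordering is what makes a DLL "dropped"
    kind: str          # "FileCreate", "ImageLoad" or "NetworkConnect"
    pid: int
    path: str = ""     # file written (FileCreate) or mapped (ImageLoad)
    sha256: str = ""   # hash of that file when the sensor recorded one
    dst: str = ""      # "ip:port" for NetworkConnect


# Constructed trace approximating what the report shows for PID 440.
EVENTS = [
    Event(1, "FileCreate", 440, path=DROPPED_DLL,
          sha256="a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338"),
    # Loaded via a differently-cased path: Windows paths are case-insensitive.
    Event(2, "ImageLoad", 440, path=DROPPED_DLL.upper()),
    # A system DLL the process did not write: must not be flagged.
    Event(3, "ImageLoad", 440, path=r"C:\Windows\System32\kernel32.dll"),
    # desktop.ini is dropped but never mapped as an image: not a dropped-DLL hit.
    Event(4, "FileCreate", 440, path=r"C:\Users\Admin\Desktop\desktop.ini"),
    Event(5, "NetworkConnect", 440, dst="85.143.191.58:81"),
    Event(6, "NetworkConnect", 440, dst="104.109.143.97:443"),
    # Hypothetical second process (PID 1234 is an assumption) loading the dropped file later.
    Event(7, "ImageLoad", 1234, path=DROPPED_DLL),
]


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison (case-insensitive, one separator)."""
    return path.replace("/", "\\").lower()


def find_dropped_dll_loads(events: Iterable[Event]) -> List[Tuple[int, int, str]]:
    """Return (loader_pid, dropper_pid, path) for each image load of a file that
    was created earlier in the same trace, i.e. the 'Loads dropped DLL' signature.
    A file created only *after* it was loaded does not count, hence the seq ordering."""
    dropped_by = {}  # normalised path -> pid of the first process that wrote it
    hits = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind == "FileCreate":
            dropped_by.setdefault(_norm(ev.path), ev.pid)
        elif ev.kind == "ImageLoad" and _norm(ev.path) in dropped_by:
            hits.append((ev.pid, dropped_by[_norm(ev.path)], ev.path))
    return hits


def find_nonstandard_ports(events: Iterable[Event],
                           allowed=frozenset({53, 80, 443})) -> List[Tuple[int, str, int]]:
    """Return (pid, host, port) for connections to ports outside `allowed`
    (the allow-list is an assumption for this example). With the report's flows
    this isolates the sample's 85.143.191.58:81 attempt."""
    hits = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind != "NetworkConnect":
            continue
        host, _, port = ev.dst.rpartition(":")
        if int(port) not in allowed:
            hits.append((ev.pid, host, int(port)))
    return hits


def match_known_hashes(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """Return (label, sha256) for every recorded hash that matches the report's IoCs."""
    seen = {(KNOWN_SHA256[ev.sha256], ev.sha256) for ev in events if ev.sha256 in KNOWN_SHA256}
    return sorted(seen)


if __name__ == "__main__":
    for loader, dropper, path in find_dropped_dll_loads(EVENTS):
        print(f"Loads dropped DLL: pid {loader} mapped {path} (written by pid {dropper})")
    for pid, host, port in find_nonstandard_ports(EVENTS):
        print(f"Non-standard port: pid {pid} -> {host}:{port}")
    for label, digest in match_known_hashes(EVENTS):
        print(f"Known IoC: {label} {digest}")
```

A live sensor feed would replace EVENTS. The ordering check is what separates a dropped library from a pre-existing one: a load that precedes the write is not a drop. The port check can only say that the connection was attempted; the report's own evidence for the 85.143.191.58:81 flow is outbound bytes (260 B, 5 packets) with no recorded response.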
