Analysis

  • max time kernel
    72s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022 (1 December 2022), 05:55 UTC

General

  • Target

    15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe

  • Size

    94KB

  • MD5

    060819024e6b559470998f581a905fb0

  • SHA1

    05920c474d50496992e6a569f8152b89c0f6128b

  • SHA256

    15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9

  • SHA512

    b0d5b674114cfe384fdc9aeff0b80d002b1e0e542d6b4f291d180dd4156b9ca82964a61f357cb045286ad264d6f49971a4a2cc94b863d892659a68b4e33e1672

  • SSDEEP

    1536:I7RjK0/ufAJeZvXA+0YGSKa0ANGgsI+z0/t7gskAPlwK3iwjvUOHfF3VGLkc:I79u48vXA+GgnSItTkUwaiwjvbHdlRc

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Uses the Visual Basic compiler (vbc.exe) for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Common in ransomware ahead of encryption, but drive enumeration is also routine in environment fingerprinting and anti-sandbox checks, so weigh it together with the rest of the process tree rather than on its own.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe
    "C:\Users\Admin\AppData\Local\Temp\15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      2⤵
        PID:1112
      • C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe
        "C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:792

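The tree above has the shape of process hollowing: the sample (PID 1172) calls SetThreadContext and WriteProcessMemory, its child vbc.exe (PID 1112) is started with a bare image path and no source file or response file, and a second child is the dropped EXE run from the same %TEMP% directory. The Python below is an added example, not part of the tria.ge report, and runs two detections over constructed Sysmon-style process-creation records: a .NET compiler (vbc.exe or csc.exe) launched with no arguments, and a Temp-resident executable started by a Temp-resident parent. The PIDs, images and command lines for 1172, 1112 and 792 mirror the report; the parent PID 900 and the MSBuild/csc.exe pair are invented control data (a legitimate compiler launch that must not fire).

```python
"""Process-tree detection for the pattern in this report: a .NET compiler
started with no arguments (a hollowing host) and a dropped EXE launched from
%TEMP%. Added example; the event records below are constructed, not taken
from the sandbox's own logs."""
import ntpath
import re

# .NET compilers commonly abused as hollow hosts (vbc.exe appears in the report).
COMPILER_HOSTS = {"vbc.exe", "csc.exe"}
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

# Constructed Sysmon Event ID 1-style records. PIDs, images and command lines
# for 1172/1112/792 mirror the report; ppid 900 and the MSBuild/csc.exe pair
# are invented control data (a legitimate compiler launch with arguments).
EVENTS = [
    {"pid": 1172, "ppid": 900, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 1112, "ppid": 1172, "image": VBC, "cmdline": VBC},
    {"pid": 792, "ppid": 1172, "image": DROPPED, "cmdline": f'"{DROPPED}"'},
    {"pid": 2300, "ppid": 900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe C:\Users\Admin\src\App.csproj"},
    {"pid": 2400, "ppid": 2300,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "cmdline": r'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /noconfig @"C:\Users\Admin\AppData\Local\Temp\tmp1.cmdline"'},
]


def split_command_line(cmdline: str):
    """Split a Windows command line into (executable, remaining arguments),
    honouring the quoted-path form seen in the report."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    exe, _, rest = s.partition(" ")
    return exe, rest.strip()


def launched_without_arguments(event) -> bool:
    """True when the command line is nothing but the image itself: no source
    file, no response file. A compiler has no legitimate reason to run this way."""
    exe, rest = split_command_line(event["cmdline"])
    same_binary = ntpath.basename(exe).lower() == ntpath.basename(event["image"]).lower()
    return same_binary and rest == ""


def in_user_temp(path: str) -> bool:
    return TEMP_DIR_RE.search(path) is not None


def detect(events):
    """Return (rule, pid) findings. Rule 1: compiler host launched bare.
    Rule 2: Temp-resident EXE started by a Temp-resident parent; upgraded
    when that parent also launched a bare compiler (hollowing + payload)."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    hollowing_parents = set()
    for ev in events:
        if ntpath.basename(ev["image"]).lower() in COMPILER_HOSTS and launched_without_arguments(ev):
            findings.append(("compiler_host_no_args", ev["pid"]))
            hollowing_parents.add(ev["ppid"])
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if parent is None or not (in_user_temp(ev["image"]) and in_user_temp(parent["image"])):
            continue
        rule = "dropped_exe_by_hollowing_parent" if ev["ppid"] in hollowing_parents else "dropped_exe_from_temp"
        findings.append((rule, ev["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}: PID {pid}")
```

The bare-compiler rule is the high-signal one: msbuild-driven builds always pass a source list or an @response file to vbc.exe/csc.exe, so an empty argument list is itself the anomaly, independent of which payload gets written into the process afterwards. On a live host, pair it with the API-level events the sandbox recorded (SetThreadContext and WriteProcessMemory from the parent towards the new PID) to confirm the hollowing rather than relying on the command line alone.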
    Downloads

    • C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe

      Filesize

      12KB

      MD5

      ab4999662991523db7614a34c274590b

      SHA1

      a59d28d3b3fb35b37506d680760787616e2c1f3a

      SHA256

      b23ef16243479f76bd97a0a87400e801b94e31fb8213d5fabae7b5f54c346180

      SHA512

      c1909b180166f507619843b6518966349fd9a6bae9956746f0dbf3885531839816f983d654d71dda7f27188ffd9d0c58dba5d80a701c60a559ee435dfdeeb42f

    • \Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe

      Filesize

      12KB

      MD5

      ab4999662991523db7614a34c274590b

      SHA1

      a59d28d3b3fb35b37506d680760787616e2c1f3a

      SHA256

      b23ef16243479f76bd97a0a87400e801b94e31fb8213d5fabae7b5f54c346180

      SHA512

      c1909b180166f507619843b6518966349fd9a6bae9956746f0dbf3885531839816f983d654d71dda7f27188ffd9d0c58dba5d80a701c60a559ee435dfdeeb42f

    • memory/792-68-0x0000000001030000-0x000000000103A000-memory.dmp

      Filesize

      40KB

    • memory/1112-58-0x0000000001000000-0x000000000101F000-memory.dmp

      Filesize

      124KB

    • memory/1112-61-0x0000000001000000-0x000000000101F000-memory.dmp

      Filesize

      124KB

    • memory/1112-59-0x0000000001000000-0x000000000101F000-memory.dmp

      Filesize

      124KB

    • memory/1112-56-0x0000000001000000-0x000000000101F000-memory.dmp

      Filesize

      124KB

    • memory/1112-55-0x0000000001000000-0x000000000101F000-memory.dmp

      Filesize

      124KB

    • memory/1172-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

      Filesize

      8KB

    • memory/1172-67-0x0000000074CB0000-0x000000007525B000-memory.dmp

      Filesize

      5.7MB
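
The five 124KB dumps of PID 1112 all cover the same region, 0x01000000-0x0101F000 inside vbc.exe, which is where a hollowed payload would sit. The Python below is an added example, not part of the report, of the first triage step on such a dump: parse the PE headers at the region base and compare the header's ImageBase and SizeOfImage with the region itself. The two byte strings it runs on are constructed minimal PE32 headers (one written at its own preferred base, one whose header claims a different base), not the report's dump files.

```python
"""Triage a dumped region (like the 124 KB 1112-*.dmp files above) for a
hollowed image: parse the PE headers at the region base and compare
ImageBase and SizeOfImage with the region itself. Added example; the byte
strings are constructed, not the report's dumps."""
import struct

REGION_BASE, REGION_END = 0x01000000, 0x0101F000   # PID 1112 region from the report


def parse_pe_header(blob: bytes):
    """Return the fields a hollowing check needs, or None if no PE header
    sits at offset 0 (a plain data or stack region)."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    opt = e_lfanew + 24                     # 4-byte signature + 20-byte file header
    if opt + 60 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:                      # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    elif magic == 0x20B:                    # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
    else:
        return None
    return {
        "magic": magic,
        "entry_point": struct.unpack_from("<I", blob, opt + 16)[0],
        "image_base": image_base,
        "size_of_image": struct.unpack_from("<I", blob, opt + 56)[0],  # same offset in PE32 and PE32+
    }


def triage_region(blob: bytes, base: int, end: int):
    """Flags: PE present, ImageBase equal to the mapped base, SizeOfImage equal
    to the region length, entry point inside the image."""
    hdr = parse_pe_header(blob)
    if hdr is None:
        return {"is_pe": False}
    return {
        "is_pe": True,
        "base_matches": hdr["image_base"] == base,
        "size_matches": hdr["size_of_image"] == end - base,
        "entry_in_image": hdr["entry_point"] < hdr["size_of_image"],
        "header": hdr,
    }


def build_pe32(image_base: int, size_of_image: int, entry_point: int) -> bytes:
    """Constructed minimal PE32 header (no sections) used as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                               # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)    # i386, 0 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


# Sample A: image written at its own preferred base, exactly filling the region.
# Sample B: header claims a different ImageBase than where it is mapped.
SAMPLE_IN_PLACE = build_pe32(REGION_BASE, REGION_END - REGION_BASE, 0x1234)
SAMPLE_RELOCATED = build_pe32(0x00400000, REGION_END - REGION_BASE, 0x1234)

if __name__ == "__main__":
    for name, blob in (("in_place", SAMPLE_IN_PLACE), ("relocated", SAMPLE_RELOCATED)):
        print(name, triage_region(blob, REGION_BASE, REGION_END))
```

A header whose ImageBase equals the mapped base does not clear the region: a hollowed payload is usually written at its own preferred base, so it will look "in place" too. The decisive check is the one pe-sieve-style tools make, comparing the in-memory headers and code of the region with the vbc.exe image on disk; the parser above only identifies which dumped regions carry a PE worth that comparison and records the ImageBase, SizeOfImage and entry point to compare.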
