
Analysis

  • max time kernel
    347s
  • max time network
    451s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 05:55 UTC

General

  • Target

    15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe

  • Size

    94KB

  • MD5

    060819024e6b559470998f581a905fb0

  • SHA1

    05920c474d50496992e6a569f8152b89c0f6128b

  • SHA256

    15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9

  • SHA512

    b0d5b674114cfe384fdc9aeff0b80d002b1e0e542d6b4f291d180dd4156b9ca82964a61f357cb045286ad264d6f49971a4a2cc94b863d892659a68b4e33e1672

  • SSDEEP

    1536:I7RjK0/ufAJeZvXA+0YGSKa0ANGgsI+z0/t7gskAPlwK3iwjvUOHfF3VGLkc:I79u48vXA+GgnSItTkUwaiwjvbHdlRc

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe
    "C:\Users\Admin\AppData\Local\Temp\15691e650781c89e7d1403efb624211918fc357e541870bf84d10358b0e8a3a9.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      2⤵
        PID:1080
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 12
          3⤵
          • Program crash
          PID:2216
      • C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe
        "C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe"
        2⤵
        • Executes dropped EXE
        PID:4852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1080 -ip 1080
      1⤵
        PID:1620

Network

  • 87.248.202.1:80
    260 B
    5
  • 178.79.208.1:80
    260 B
    5
  • 209.197.3.8:80
    322 B
    7
  • 20.189.173.12:443
    322 B
    7
  • 40.126.32.134:443
    260 B
    5
  • 104.80.225.205:443
    322 B
    7
  • 87.248.202.1:80
    322 B
    7

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\qoNTDFSJfxEylkODHUyxfBYOeYPBZEJhhJMsGiFa-bnd.exe

    Filesize

    12KB

    MD5

    ab4999662991523db7614a34c274590b

    SHA1

    a59d28d3b3fb35b37506d680760787616e2c1f3a

    SHA256

    b23ef16243479f76bd97a0a87400e801b94e31fb8213d5fabae7b5f54c346180

    SHA512

    c1909b180166f507619843b6518966349fd9a6bae9956746f0dbf3885531839816f983d654d71dda7f27188ffd9d0c58dba5d80a701c60a559ee435dfdeeb42f

  • memory/932-134-0x0000000075490000-0x0000000075A41000-memory.dmp

    Filesize

    5.7MB

  • memory/932-137-0x0000000075490000-0x0000000075A41000-memory.dmp

    Filesize

    5.7MB

  • memory/1080-133-0x0000000001000000-0x000000000101F000-memory.dmp

    Filesize

    124KB

  • memory/4852-139-0x00000000007E0000-0x00000000007EA000-memory.dmp

    Filesize

    40KB

  • memory/4852-140-0x0000000005570000-0x0000000005B14000-memory.dmp

    Filesize

    5.6MB
