Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

0fd2a27202...a5.exe

windows7-x64

7

0fd2a27202...a5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    177s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5.exe

  • Size

    23KB

  • MD5

    5b156a0b5891138706ee1f716dfac809

  • SHA1

    709053f8f2bcef6d83e1cb70a9dc9ffaeeea1be7

  • SHA256

    0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5

  • SHA512

    e77b38978482a8df13d5d168d60e88833c438a05cc1136162ea33308cfb73a7d1383cc1ed65ab352b77a9c5190e4529c66220be39cce9673672cadfe147639c7

  • SSDEEP

    384:bQZIvt8JfA31QcthKIpZt+TRgaQJjYjv1OEsZmfyegpzzyRSB26337nR:bzuAFQcthHZt+TRgrJjw/sZmXKzhD

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5.exe
    "C:\Users\Admin\AppData\Local\Temp\0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0fd2a27202708e4ff92900dd6efa9827bb9c963e234df8df1188c07497a07ca5.txt
    Filesize

    175B

    MD5

    6df96747865541d31b550ecb76b0f76b

    SHA1

    af9e3e882d554b5d75d9ce11d6bb56b14f647997

    SHA256

    f3821e4c5443af157b8a478eac4973fcfb13ad5d0f922135c516148fc426cee2

    SHA512

    37b0e539f61520766b5c599b1389ac13a050474324af05fd1fb2d20e14014e4fd57dc6478c6c3e73ffd10f5eb424128dd26d24e0745f5046573aa709a9dcebb4

    Download Submit

  • memory/1264-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1264-57-0x00000000009B0000-0x00000000009B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1264-58-0x0000000000080000-0x0000000000088000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1264-59-0x0000000000370000-0x00000000003F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1264-63-0x0000000000370000-0x00000000003F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1456-56-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download