Analysis
max time kernel: 237s
max time network: 253s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/12/2022, 00:19
Static task: static1
Behavioral task: behavioral1
Sample: b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe
Resource: win10v2004-20221111-en
General
Target: b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe
Size: 288KB
MD5: 8f1d838ba4d6c7a51a962d9abfa30c60
SHA1: b942265c3c571b1dd811d2853befa5720065468f
SHA256: b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd
SHA512: 1df5440194c5129938cf5640a9c5b2a54de3535721777ad8151e72569344f4ec23d603b3be3b3ab2e080cebf22b22e0edae5dbc8264b45e16912bf20970b8e2f
SSDEEP: 3072:AU0nUhhQdiEXIOZAksTCPkix7Fe7dEN8EXgNqf5cTrWi6ei2uiTbtTmH8Fe90p0X:70JiDbYJFsE0NMCP6wJYj8t/cx
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (1 IoCs)
pid: 2752, Process: b8308216847e9ceb2e760e2a216602ca789bacf56084de45f8e52d5e0e4868bd.exe