Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

42d40d097e...b7.exe

windows7-x64

7

42d40d097e...b7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42d40d097e2a19314380ee3754aa046722d23e9ced73ab8025048446830f6bb7.exe

  • Size

    101KB

  • MD5

    1323913bf50b6bce2f72cbe3609e2ce0

  • SHA1

    03414e1160942e152482e10b69fe37574325a4db

  • SHA256

    42d40d097e2a19314380ee3754aa046722d23e9ced73ab8025048446830f6bb7

  • SHA512

    cfacf38ce79628258ece3d322b952f4072661e7c0f210f04e912a6fd6b4b53b39e465c3d1d6c016f000e0478c7f8f617d620667f9d3c3fa67d260cba32fe7ab2

  • SSDEEP

    1536:7P4mQ+W4hKwHCtjeWQuhrzb8yUNKAbbzCwHzx5e6ywv77St+iyYzrzRvD3:7Pil4YXBFmxN/fXx5ehwSt+iyYrztD

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42d40d097e2a19314380ee3754aa046722d23e9ced73ab8025048446830f6bb7.exe
    "C:\Users\Admin\AppData\Local\Temp\42d40d097e2a19314380ee3754aa046722d23e9ced73ab8025048446830f6bb7.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ygb..bat" > nul 2> nul
      2⤵
        PID:776

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Ygb..bat
      Filesize

      274B

      MD5

      52931fe7abda089cd5919947ac6fc973

      SHA1

      1b483b64b3e6bcced9eea21eb0120af02e6d45db

      SHA256

      c6711f540922612a3ca69b048a9abcbf21683a2aced24cb7da5d76bc404369c3

      SHA512

      f4fb0706627ef9f6cb2dcb169d9b4beeda244d1b97a6642fdf6bb5b63fe5a1baec6bf73577f14f6e3d8ae904c4390b03d77796ee5f31a748da4609dfff29d1dd

      Download Submit

    • memory/2384-132-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2384-133-0x0000000000401000-0x0000000000407000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2384-135-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download