Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

fb6106e6e5...e7.exe

windows7-x64

7

fb6106e6e5...e7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7.exe

  • Size

    51KB

  • MD5

    888cc693dd7c3f97b57282a54a55a520

  • SHA1

    ad4e0aacc9c752cd3842c921057e90f9e5aaba7e

  • SHA256

    fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7

  • SHA512

    e78c4b5c21385bbc15049c434fbb3bd673a5c88ab9f85fa78220f0bb1ab71f4ffa940f373eb833e05eabe3c9163a4d66005ede0f370d84fbf7ee800947ca34f7

  • SSDEEP

    768:WoH24OpQ9BopxbEOC2IdM1+R5GAaYEgO+ihaOe/dV4L06UXCgHN6n+/vwhrvTCI:WJ4ZE5Idu+jMRghbOGWL0jXBN6nnvWI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7.exe
    "C:\Users\Admin\AppData\Local\Temp\fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:584
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fb6106e6e5d1048dc13cf1ca7530b62313cf7f23560a3c6c9e2b8e3e31e21de7.txt
    Filesize

    36B

    MD5

    1123526e0d34644d9ff8b94378b07ba1

    SHA1

    2997bdce99c9d7eeeb6ab2f55a6b246748ba9ae3

    SHA256

    01166f19ae656c254351e749ecab3b3956c3242c5653e299aaa4f3830cce505e

    SHA512

    2defbc915b4e0ab4320bbe23ab71c5a911fa538031c415de47f2d58190267a91215ac4469c8f115c7d6f21bb775e2232ddc3ae898a8d75ec2dae9a52e884b8e6

    Download Submit

  • memory/584-55-0x00000000767D1000-0x00000000767D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/584-57-0x0000000000170000-0x0000000000178000-memory.dmp

    Filesize

    32KB

    Download

  • memory/584-58-0x0000000000080000-0x0000000000088000-memory.dmp

    Filesize

    32KB

    Download

  • memory/584-59-0x00000000002C0000-0x0000000000340000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1596-56-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download