Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

f9c743bf03...c5.exe

windows7-x64

f9c743bf03...c5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    157s
  • max time network
    199s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe

  • Size

    287KB

  • MD5

    7decec801101e621a063587d79e26f43

  • SHA1

    9282a9f4da0f8c52793fb8032727bc94be984d93

  • SHA256

    f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5

  • SHA512

    3957b55cb27d76f0ddf6e50e464f3379b08a4cd980abc62a9b38aea60f4477c301e7007babd12a8bc1fa025d4a1047dd9ab0ae44bf0540e6190a7caf788bc68a

  • SSDEEP

    6144:yRT9A65pP1wlYgrN1y6V1X1RonMequ8+my5ET7z/pUHXjRT:OA65XwlYgrHy6V17kr8+m73z/U

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe
    "C:\Users\Admin\AppData\Local\Temp\f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe"
    1⤵
      PID:208

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/208-132-0x0000000000400000-0x00000000004AD000-memory.dmp

      Filesize

      692KB

      Download

    • memory/208-133-0x0000000000400000-0x00000000004AD000-memory.dmp

      Filesize

      692KB

      Download

    • memory/208-134-0x0000000000400000-0x00000000004AD000-memory.dmp

      Filesize

      692KB

      Download