Analysis
max time kernel: 157s
max time network: 199s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 11:34
Behavioral task: behavioral1
Sample: f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe
Resource: win10v2004-20221111-en
General
Target: f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5.exe
Size: 287KB
MD5: 7decec801101e621a063587d79e26f43
SHA1: 9282a9f4da0f8c52793fb8032727bc94be984d93
SHA256: f9c743bf03b2f870457614634e0ad9e9c957e3ab57a5d822785174599f4af5c5
SHA512: 3957b55cb27d76f0ddf6e50e464f3379b08a4cd980abc62a9b38aea60f4477c301e7007babd12a8bc1fa025d4a1047dd9ab0ae44bf0540e6190a7caf788bc68a
SSDEEP: 6144:yRT9A65pP1wlYgrN1y6V1X1RonMequ8+my5ET7z/pUHXjRT:OA65XwlYgrHy6V17kr8+m73z/U
Malware Config
Signatures
resource    yara_rule
behavioral2/memory/208-132-0x0000000000400000-0x00000000004AD000-memory.dmp    upx
behavioral2/memory/208-133-0x0000000000400000-0x00000000004AD000-memory.dmp    upx
behavioral2/memory/208-134-0x0000000000400000-0x00000000004AD000-memory.dmp    upx
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource    yara_rule
behavioral2/memory/208-134-0x0000000000400000-0x00000000004AD000-memory.dmp    autoit_exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.