Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ca6a1186ac...db.exe

windows7-x64

7

ca6a1186ac...db.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca6a1186acb9bb8af0027276598f54ca0e10e0d903cfa8d04219c4db412fc7db.exe

  • Size

    1.9MB

  • MD5

    4f39b3918e5413fc531dbfb73e818f08

  • SHA1

    70f85b4e0ce1bc37297b953c8ff3761b1a180827

  • SHA256

    ca6a1186acb9bb8af0027276598f54ca0e10e0d903cfa8d04219c4db412fc7db

  • SHA512

    4416d50f5b88b9b7ae3804d003e555553248452d3a474e257885d0e0754bb62df2dea8fa80d20ff706e4665387ab2f41b422781f99e98bccfbb14d5220a5bb79

  • SSDEEP

    49152:eSeDF0ubadTtLdLpe9/Hr2It19MUrgN0u9nHT3N4kHyhfE3Q:vyfOnNetHr2+1mUr00ezSpN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca6a1186acb9bb8af0027276598f54ca0e10e0d903cfa8d04219c4db412fc7db.exe
    "C:\Users\Admin\AppData\Local\Temp\ca6a1186acb9bb8af0027276598f54ca0e10e0d903cfa8d04219c4db412fc7db.exe"
    1⤵
    • Loads dropped DLL
    PID:4328

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\PromoEngineInstaller\chutil.dll
    Filesize

    104KB

    MD5

    92a34d31adadb01c17894caf85b0f574

    SHA1

    7d74b5c8b869c1f4bbccae3f3d2a5b76c8b94aef

    SHA256

    6e6f7460f5a9b8184c57512d9a232158cc2faf613786a59a20dfbc6629d74e81

    SHA512

    9c6328a9be9c2bffa0d26aa28645bcee3cb540d1463a97661093558b8ed149d59081bb58e4ace1440d3ddf27d8ec9a3965054cbd72954e4ba52e32dd042d200e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PromoEngineInstaller\sqlite3.dll
    Filesize

    353KB

    MD5

    fec17d5fb09a03376d3aa204c65562a7

    SHA1

    2966508d76523b2c2d28713612b472e7256c66fc

    SHA256

    1e384af4479ba64bd2fa02b00603205c4b0a99a468cfa4cc33cdca7bac845bec

    SHA512

    4e250955a0b6e2a22d41cf24eecc88d3a36de1308c089d8f8ab02beed434f0ed44583f048ca2b436788b7c80ec1c7f0cd79166b3e62d040566c99aa536b9c11e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7919.tmp\NSISList.dll
    Filesize

    97KB

    MD5

    2e0785f18f8714393bc4bc1fe170eadf

    SHA1

    1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d

    SHA256

    e68d65626b24e7c1f6fbe1001f43174d0243095181025736f37ad704662f4351

    SHA512

    8a272bb264fa066960a4f34411a81652839eccdbc6fa25be20c0b94d7d10b16cb568338abb5d1a96c155cbc4bc7923d0387fa36bed69c1021296cc6cc5fbb45e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7919.tmp\NSISList.dll
    Filesize

    97KB

    MD5

    2e0785f18f8714393bc4bc1fe170eadf

    SHA1

    1efba431c0fac46c6cb6f60dc08f65a0e23ccf3d

    SHA256

    e68d65626b24e7c1f6fbe1001f43174d0243095181025736f37ad704662f4351

    SHA512

    8a272bb264fa066960a4f34411a81652839eccdbc6fa25be20c0b94d7d10b16cb568338abb5d1a96c155cbc4bc7923d0387fa36bed69c1021296cc6cc5fbb45e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7919.tmp\NSISdl.dll
    Filesize

    416KB

    MD5

    75347bb7a3390f541e17a66840b7c826

    SHA1

    c86345c398a673a7d5ecdf1f3bdee1a041895cc8

    SHA256

    3a6b7e9e411173d426c417c8f8a022f96a1c2e89db02b033c9676e4e9b477d09

    SHA512

    08fc9027cde81eaf448f9e6e290384888a78b49581d1c7c1d78dec433629727b27f59909e5d94afe7802b00dd5b74cd78e951f247af0c23e00bc8ea2a0409148

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu7919.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/4328-135-0x0000000002910000-0x000000000292D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4328-139-0x0000000074970000-0x0000000074A0B000-memory.dmp

    Filesize

    620KB

    Download

  • memory/4328-140-0x0000000074970000-0x0000000074A04000-memory.dmp

    Filesize

    592KB

    Download