Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d5658d1770...56.exe

windows7-x64

8

d5658d1770...56.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 02:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe

  • Size

    54KB

  • MD5

    b047aa40129dc10333cf02d9935db56b

  • SHA1

    eaefbe8544b5606bb68dd46f328d806563f0461e

  • SHA256

    d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56

  • SHA512

    239686a964b2f4ee5c6ca6b533cca9aa0a00e34baf22f47a4b03a441293a16b34af24756cc9cb30fe0c2346f7930445c1525ae38647f57f43367fc149b2f6b37

  • SSDEEP

    384:aIQwN/ZxDnD90Ypw76YLC9rFA7DiJMkiAnt9+iI/l7Lum:bjN/3Oj7FC9rFK2Aot9+io9um

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
    "C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\smcoc.exe
      "C:\Users\Admin\AppData\Local\Temp\smcoc.exe"
      2⤵
      • Executes dropped EXE
      PID:1108

Network

    No results found
  • 142.250.179.142:80
    46 B
     40 B
     1
    1
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\smcoc.exe
    Filesize

    55KB

    MD5

    cab6f1db32d87368900983f0f44c00f7

    SHA1

    61261d80470ae2bd25693d5994ca90d54ac2de0f

    SHA256

    955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

    SHA512

    6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\smcoc.exe
    Filesize

    55KB

    MD5

    cab6f1db32d87368900983f0f44c00f7

    SHA1

    61261d80470ae2bd25693d5994ca90d54ac2de0f

    SHA256

    955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

    SHA512

    6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\smcoc.exe
    Filesize

    55KB

    MD5

    cab6f1db32d87368900983f0f44c00f7

    SHA1

    61261d80470ae2bd25693d5994ca90d54ac2de0f

    SHA256

    955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

    SHA512

    6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\smcoc.exe
    Filesize

    55KB

    MD5

    cab6f1db32d87368900983f0f44c00f7

    SHA1

    61261d80470ae2bd25693d5994ca90d54ac2de0f

    SHA256

    955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762

    SHA512

    6fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2

    Download Submit

  • memory/1108-62-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1972-54-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-59-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.