Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
04/12/2022, 02:37 UTC
Static task
static1
Behavioral task
behavioral1
Sample
d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
Resource
win10v2004-20220812-en
General
-
Target
d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe
-
Size
54KB
-
MD5
b047aa40129dc10333cf02d9935db56b
-
SHA1
eaefbe8544b5606bb68dd46f328d806563f0461e
-
SHA256
d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56
-
SHA512
239686a964b2f4ee5c6ca6b533cca9aa0a00e34baf22f47a4b03a441293a16b34af24756cc9cb30fe0c2346f7930445c1525ae38647f57f43367fc149b2f6b37
-
SSDEEP
384:aIQwN/ZxDnD90Ypw76YLC9rFA7DiJMkiAnt9+iI/l7Lum:bjN/3Oj7FC9rFK2Aot9+io9um
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1108 smcoc.exe -
Loads dropped DLL 2 IoCs
pid Process 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1972 wrote to memory of 1108 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe 28 PID 1972 wrote to memory of 1108 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe 28 PID 1972 wrote to memory of 1108 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe 28 PID 1972 wrote to memory of 1108 1972 d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe"C:\Users\Admin\AppData\Local\Temp\d5658d17709d4ec1f839d2c6faabc2321cb2fa59c290f3b053bfd6fbcc5e1a56.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1972 -
C:\Users\Admin\AppData\Local\Temp\smcoc.exe"C:\Users\Admin\AppData\Local\Temp\smcoc.exe"2⤵
- Executes dropped EXE
PID:1108
-
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
55KB
MD5cab6f1db32d87368900983f0f44c00f7
SHA161261d80470ae2bd25693d5994ca90d54ac2de0f
SHA256955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762
SHA5126fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2
-
Filesize
55KB
MD5cab6f1db32d87368900983f0f44c00f7
SHA161261d80470ae2bd25693d5994ca90d54ac2de0f
SHA256955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762
SHA5126fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2
-
Filesize
55KB
MD5cab6f1db32d87368900983f0f44c00f7
SHA161261d80470ae2bd25693d5994ca90d54ac2de0f
SHA256955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762
SHA5126fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2
-
Filesize
55KB
MD5cab6f1db32d87368900983f0f44c00f7
SHA161261d80470ae2bd25693d5994ca90d54ac2de0f
SHA256955690a684982382e6e90f86c1503ba9b5b30e4b4df51a245b8ae2e133b52762
SHA5126fdd4325de197532527ed209f2e1c958515d4f6112b92f8ee73d3885727aa33ab1054284ad832bb1a10a8e956108da8f26f39bf395f86381f40f9dd7e4fbcdb2