Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    304s
  • max time network
    380s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    7.3MB

  • MD5

    e4efd84214889d40f8eccdf9d8584585

  • SHA1

    ce21b9be73be7d4f0091cfdae53e5f0eb42a9b2f

  • SHA256

    9268b48a46002670bf6b18707599367dc38f79a88693d14d6403a7d11b337f84

  • SHA512

    a45d91d0e4a6b0240f52cf05ff059133fb3ecd111802a5be2fbb8a173320e4eff118a903cc0b25db14f0cb0d5adba0da466b67d5e0475382a2760848acbf565f

  • SSDEEP

    98304:91OSghrTm4CgZoiK2Kltghg6kWkgN+RQKVE4esblIO5iw7B2GzpmUs8bnUvoCXcY:91OO4dKLicZxq4zR12tAnaoIrb/w0Fn

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Users\Admin\AppData\Local\Temp\7zSD99D.tmp\Install.exe
      .\Install.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3820
      • C:\Users\Admin\AppData\Local\Temp\7zSBB43.tmp\Install.exe
        .\Install.exe /S /site_id "525403"
        3⤵
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Enumerates system info in registry
        PID:1284

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSBB43.tmp\Install.exe
    Filesize

    6.8MB

    MD5

    d57fcb1f7217abdc3bc9594d72b069e2

    SHA1

    9bb541769d84def773ce4e51c31bd056ba6c213d

    SHA256

    ede74804494d3193db79cc6f078999f81a1654a17eb734c470318e3d19bce386

    SHA512

    77ae8eecb30db62fafe71dcbd6a3f6d6971a7d2abae9d34991d8f61aba5f25a0daf70cc908a4362953677a04a0268773c58cf58c3332dbd3abb96bbb795e660a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSBB43.tmp\Install.exe
    Filesize

    6.8MB

    MD5

    d57fcb1f7217abdc3bc9594d72b069e2

    SHA1

    9bb541769d84def773ce4e51c31bd056ba6c213d

    SHA256

    ede74804494d3193db79cc6f078999f81a1654a17eb734c470318e3d19bce386

    SHA512

    77ae8eecb30db62fafe71dcbd6a3f6d6971a7d2abae9d34991d8f61aba5f25a0daf70cc908a4362953677a04a0268773c58cf58c3332dbd3abb96bbb795e660a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSD99D.tmp\Install.exe
    Filesize

    6.3MB

    MD5

    40e955dc9d482dd6cc936ee22987daab

    SHA1

    b006140e3367adf14a6451997c533b3e402626c1

    SHA256

    1876825fafd8bb8c37a783889b14ac641f2f51ce31cb682c84c0d19a850573ec

    SHA512

    7d56b0ce7c6ced797c32ae9706bdd32b0ea69a5f75f477a1f630d3ac93c6b5bb20b38e5532244a54466ec3456f8a0b6dd5de16f91f04f4bb3fc7860633ca1c11

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSD99D.tmp\Install.exe
    Filesize

    6.3MB

    MD5

    40e955dc9d482dd6cc936ee22987daab

    SHA1

    b006140e3367adf14a6451997c533b3e402626c1

    SHA256

    1876825fafd8bb8c37a783889b14ac641f2f51ce31cb682c84c0d19a850573ec

    SHA512

    7d56b0ce7c6ced797c32ae9706bdd32b0ea69a5f75f477a1f630d3ac93c6b5bb20b38e5532244a54466ec3456f8a0b6dd5de16f91f04f4bb3fc7860633ca1c11

    Download Submit

  • memory/1284-138-0x0000000010000000-0x0000000010BF6000-memory.dmp

    Filesize

    12.0MB

    Download