Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
157s -
max time network
230s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
04/12/2022, 09:03
General
-
Target
c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe
-
Size
324KB
-
MD5
fb483a28d226865596be7eee3835f0d8
-
SHA1
1a17f6fde84203a2fd0a042c7aab4ecf32414781
-
SHA256
c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e
-
SHA512
58b723ad00489afe7c889ae850f8ac190babbfd114674351e561de658a06cbee5082d23d6635b2806781e8692065811f15823e6695e006966931bc9f6afc693f
-
SSDEEP
6144:qAoZqAYTSE0CzjeNH0LCZhwcU8oa7bN4iAdyk2xoexG:qZ0eZhJ9H7bSbMkWoexG
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies system certificate store 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe"C:\Users\Admin\AppData\Local\Temp\c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe"1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops autorun.inf file
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB