Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 10:20

General

  • Target

    fdf632aaefc99b36c89a9e1c8a7a07795b6f8a1aad7860eeca90d7273564d62a.exe

  • Size

    94KB

  • MD5

    395df6e70432829bec3852306ff63ecd

  • SHA1

    0a3735863450d4fb8ed6173185e68022b2c17cda

  • SHA256

    fdf632aaefc99b36c89a9e1c8a7a07795b6f8a1aad7860eeca90d7273564d62a

  • SHA512

    5f8d4b01a5e3488d27bef72e3345d727fca1ca066650b41f8041bfd0f18becebc4ffcace27ce462b8e20312f3f85020f39a6c4c5026a78c8712ff41771633f0d

  • SSDEEP

    1536:KuieF4ac5TP1zzi5Rhezd6mVx+Ysb+oou:K+NG1Pzd6mv+Yp

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdf632aaefc99b36c89a9e1c8a7a07795b6f8a1aad7860eeca90d7273564d62a.exe
    "C:\Users\Admin\AppData\Local\Temp\fdf632aaefc99b36c89a9e1c8a7a07795b6f8a1aad7860eeca90d7273564d62a.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /u /s ToolBand2.dll
      2⤵
        PID:3564
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /u /s ToolBand2.dll
        2⤵
          PID:2628

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads