Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

90dab12fe7...6f.exe

windows7-x64

8

90dab12fe7...6f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90dab12fe7f1384f91001f83711e553a4c515c8252148752d94fa0510dbdc76f.exe

  • Size

    153KB

  • MD5

    c53ae0066fe74a0b3b8f0066a4438bd4

  • SHA1

    10ad4a20b752f78306e2c60ba7903480ebed1323

  • SHA256

    90dab12fe7f1384f91001f83711e553a4c515c8252148752d94fa0510dbdc76f

  • SHA512

    787f21cb7656f52db32001aafbc0b2f4f4105d31b4b4c6050ddcdd73a0839bb74e47c8a2b38d6701487ef581b25d5249fafda9d486d83d63a423e484f0a92be1

  • SSDEEP

    3072:yBAp5XhKpN4eOyVTGfhEClj8jTk+0hAdYq0:BbXE9OiTGfhEClq9BdC

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90dab12fe7f1384f91001f83711e553a4c515c8252148752d94fa0510dbdc76f.exe
    "C:\Users\Admin\AppData\Local\Temp\90dab12fe7f1384f91001f83711e553a4c515c8252148752d94fa0510dbdc76f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\arhivd\insalld\shaibu.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:1200
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\arhivd\insalld\lovi.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:1736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\arhivd\insalld\gemoroi.txt
    Filesize

    5B

    MD5

    4420279662574754dfd5bef14ee49b5b

    SHA1

    64dedbd9276bbcf8e2f2e42d81288d073d930892

    SHA256

    86ddeccd15c9bffccf0ab2b7f7ec3a40b0ba1ce8356317624bea66a0e20c2aa1

    SHA512

    952c16e86e009f6726250b4e5ab5e4a5b7a41da3247ab82b88580d246f018f34791c06d345230e7dad388021616f149e458b5bcf5993ecdcae6135b6dc33de99

    Download Submit

  • C:\Program Files (x86)\arhivd\insalld\lovi.vbs
    Filesize

    1KB

    MD5

    8935d2c18286235595a63a129970dd3d

    SHA1

    4459381028d33dd5ac3a22f4f7ce80acdab8fccb

    SHA256

    4a76452cd02a58c7ff97c447a287a8e39f5ec072c7b59b11196e99c0e075da9a

    SHA512

    b7bf8da3ac8fb5bda0b9c892dca2396b6cc27b8cd766e5076bc5047762e4e3f865aabfb7a1d3f108d4e84524c7afdb7322dfe593baffe9518dac160505b60204

    Download Submit

  • C:\Program Files (x86)\arhivd\insalld\shaibu.bat
    Filesize

    4KB

    MD5

    73307829bd885e1a2aa590043be39660

    SHA1

    24f3f175249d32da7cf9e3d8c0403da036b9ecc7

    SHA256

    a548727c1e25e767ec537c64d6dc1581344777f6e86f924cde6a450a35327660

    SHA512

    2b64c28c7378d666827aa1a7659d20d03327e589443065cc72d101442147c48cff8d93863364367515293c264b5146d8f329f2bcd08d8078a570f3c1ec8bcc5a

    Download Submit

  • memory/1324-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB

    Download