Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 15:29

General

  • Target

    22ed1d0b641b6102e05215942f7e55832da8913332ff21f6ee1f987ad0943e00.exe

  • Size

    562KB

  • MD5

    a166ed79a0b977a8b3c3c2265008320c

  • SHA1

    942d357bc1be9a739e8f84623fdb1a77885c41fe

  • SHA256

    22ed1d0b641b6102e05215942f7e55832da8913332ff21f6ee1f987ad0943e00

  • SHA512

    f8d7d9b688a3b331ad1ae348d8dea63e65084b37ec04dc907c32be388b260326fd254ff92f06cb50e075a428897b9f64a040f2555acbc67117b787e36f6981de

  • SSDEEP

    12288:RCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMF+:RChqKgU79usbkx+VNJhofz765hs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22ed1d0b641b6102e05215942f7e55832da8913332ff21f6ee1f987ad0943e00.exe
    "C:\Users\Admin\AppData\Local\Temp\22ed1d0b641b6102e05215942f7e55832da8913332ff21f6ee1f987ad0943e00.exe"
    • Suspicious use of FindShellTrayWindow
    PID:852

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/852-54-0x0000000074E41000-0x0000000074E43000-memory.dmp

    Filesize

    8KB

  • memory/852-55-0x00000000740A1000-0x00000000740A3000-memory.dmp

    Filesize

    8KB