Analysis
- max time kernel: 43s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 16:15
Static task
- static1

Behavioral task
- behavioral1
  - Sample: e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  - Resource: win10v2004-20220812-en
General
- Target: e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
- Size: 2.8MB
- MD5: a19bb46ee1315c12be8b9664bef14a61
- SHA1: de2d2170b00a8f3fd394d023dc72fa2dfbd785e0
- SHA256: e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71
- SHA512: 2fb7a61c862de8ad562e5bbcf8bf62b2a37b35f4eff74a0fb18c7b82077af245bf2d15ca14288eb3dceca3ad13a469bb59f864f2519790a9d9cdb221025557b8
- SSDEEP: 49152:EsefR30vKQHQZVFVhlFCYE99P7NNeBK/v9ml+FYj3sbwld458DaJj0eo/bBl7hYP:EBRkSQHGFJFCYI9P7Ss/v9u+uUwUSaJr
Malware Config

Signatures

- Loads dropped DLL (3 IoCs)
  pid | Process
  872 | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  872 | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  872 | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe

- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description | pid | Process
  Token: 33 | 524 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 524 | AUDIODG.EXE
  Token: 33 | 524 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 524 | AUDIODG.EXE

- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  872 | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  872 | e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e79c2ef257f31d18ede3e117e9c392b9d1e27907ec3197f904abfc5b0979af71.exe"
  PID: 872
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx

- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x140
  PID: 524
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads

The report lists three dropped files, all with identical hashes:

- Filesize: 236KB
  MD5: e12f05661436f2974cf91b5fc76fb5f4
  SHA1: 5e0b7887950204713bef3da0018911279f2540ec
  SHA256: 1873de723938193f9f0877b08c160884b79503b6607598158ad99bd909189fdc
  SHA512: 61d42e055865dd98552b29dd69dc3d761bc7f77c1af108ad13b0b390059be5668657645258c0c08052a5fe1e9f6bdb018da136eb103b7335097487ec0de5d22d

- Filesize: 236KB
  MD5: e12f05661436f2974cf91b5fc76fb5f4
  SHA1: 5e0b7887950204713bef3da0018911279f2540ec
  SHA256: 1873de723938193f9f0877b08c160884b79503b6607598158ad99bd909189fdc
  SHA512: 61d42e055865dd98552b29dd69dc3d761bc7f77c1af108ad13b0b390059be5668657645258c0c08052a5fe1e9f6bdb018da136eb103b7335097487ec0de5d22d

- Filesize: 236KB
  MD5: e12f05661436f2974cf91b5fc76fb5f4
  SHA1: 5e0b7887950204713bef3da0018911279f2540ec
  SHA256: 1873de723938193f9f0877b08c160884b79503b6607598158ad99bd909189fdc
  SHA512: 61d42e055865dd98552b29dd69dc3d761bc7f77c1af108ad13b0b390059be5668657645258c0c08052a5fe1e9f6bdb018da136eb103b7335097487ec0de5d22d