Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    189s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 21:45

General

  • Target

    556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe

  • Size

    3.8MB

  • MD5

    dadc2a0802519f583cfa735c259e8c6b

  • SHA1

    36b11e27fc523c4cbc031a7a6b21acd0129aa5a7

  • SHA256

    556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6

  • SHA512

    9380ea99e03f54fcb5623dd392faf5f92adaf6074889edcea48d2dd5ef8279b53a4be200d8ad95017e909b3eb9a49b1aee505c6bb96160399ab7b8919c8d2a0a

  • SSDEEP

    98304:GkHqrneH6LPM1D7ViuHeXeR4TyWOnbcfy/BUr:7KC6o13YimeR5dbmy/BUr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe
    "C:\Users\Admin\AppData\Local\Temp\556fffdf2073e2302f11191487a65988b7e6b93631e3ea4d39fe1cebae49d3b6.exe"
    1⤵
    • Loads dropped DLL
    PID:1052

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy10DA.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0