Analysis

  • max time kernel
    187s
  • max time network
    240s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2022, 22:50 UTC

General

  • Target

    b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe

  • Size

    595KB

  • MD5

    3e021ff26063ac5f6de4971dbddec210

  • SHA1

    e63068bcc6c34e84aa221eff23c98f0db68a4e59

  • SHA256

    b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6

  • SHA512

    a0f04930108e055f97a7e171a7f7f5fbeef257f8a8713d9921c3b1e07a2d2f45eff85509ce7d8f69c5ebab641827ad91c4ab0f56a92446d5f2ae1f3b80286f50

  • SSDEEP

    12288:7Cgvf6HX8XE3KnCgjUNbkYDLCgvf6HX8X45jgRdJ83:Nf6HX8XE3uUNbkYD9f6HX8X45jOdJs

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
    "C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Windows\abc.exe
      "C:\Windows\abc.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Windows\Uane's Keylogger.exe
        "C:\Windows\Uane's Keylogger.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4244
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:4604

Network

  • 104.109.143.76:443
    tls
    46 B
    71 B
    1
    1
  • 93.184.220.29:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7
  • 20.42.65.89:443
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 93.184.221.240:80
    260 B
    5
  • 93.184.221.240:80
    322 B
    7
  • 93.184.221.240:80
    322 B
    7

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\COMDLG32.OCX

    Filesize

    137KB

    MD5

    d76f0eab36f83a31d411aeaf70da7396

    SHA1

    9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    SHA256

    46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    SHA512

    9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

  • C:\Windows\Uane's Keylogger.exe

    Filesize

    172KB

    MD5

    1cbdcc28e2ce07272c9ebd6d03dc7273

    SHA1

    95abc1b738b153f8dcf7eeec9c5cdb8aa371a510

    SHA256

    844f60a98cf7f979a67d5c96105d65b1f023424bbeec338dc52074a657effd45

    SHA512

    19ea5547d7ac2e4e37b9737a38164efbf0ed8c03ca9b5fcf64461bc64781b1972fd5443290219ddbf07fea63d5e67cac30d84304cf812fc880094927ef802d40

  • C:\Windows\abc.exe

    Filesize

    447KB

    MD5

    fb02f66f5e094e2a7cad024e0594d46d

    SHA1

    322148d694fc28b1d34c8c47705ac7e5395e5908

    SHA256

    e95989ab812f8361adef90d02c52358983d8d7183697ee1ee816c19a94520fc5

    SHA512

    03ad52baff1aea3d00dae75bf2d0ee643376c32423a0f73eb38543e098821d44073df971cf41e1fe458b69af4b0d6fb88a122c3cd28b350cb04a5754a124a98f

  • C:\Windows\comdlg32.ocx

    Filesize

    137KB

    MD5

    d76f0eab36f83a31d411aeaf70da7396

    SHA1

    9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    SHA256

    46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    SHA512

    9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

  • C:\Windows\svchost.exe

    Filesize

    120KB

    MD5

    ff4a48562f770dadc1c430bd53b899c3

    SHA1

    15743f5142ed2a3440eb0693e1b8c91bfb9a6010

    SHA256

    7393d48a6793e9801d5d6471a68d8e91edbcb617a084ff13f6f39695abf57a02

    SHA512

    b5906f88cc2f6672d2bafeb403ceb9c2887e28c6dafe78a6bd6b6757e591afe2a9590b99ee55f481f99cb8ed4dbba938cd8e96e10b8f5a711b58b416df7ccb8f
