Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

220eb326bc...1c.exe

windows7-x64

7

220eb326bc...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    99s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe

  • Size

    9.9MB

  • MD5

    e087256127583df071c59d35e46cdd3e

  • SHA1

    67077e8a993ae502a0c972210cd4524893fb9b88

  • SHA256

    220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c

  • SHA512

    c03455172f76573a917767dbeb81881d6895fb598bdb414e8834ce4c10b5e28cedec911301ad0c3f1de484f5d88a45cca8ccb9250f14df9dc496731a8121a1ae

  • SSDEEP

    196608:cIWMROFa13hQcPLLyrndvfKCcdGJnJ4cWq9mKD:CyOFIhxvQnRfKXG5UI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe
    "C:\Users\Admin\AppData\Local\Temp\220eb326bc70df2c0a473834d0f677028c2e1b2768267f90774f678d970ccb1c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1452

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso792.tmp\Codejock.cjstyles
    Filesize

    1.3MB

    MD5

    6daada4b8d7ae20896d601d189880601

    SHA1

    7ce6e2cf2f8d21a2241feafe704c42e78527c6ae

    SHA256

    9bc80ce244a42af3e4c539bd131e71dc97cf258b90667e538b4fd08ff98665c5

    SHA512

    3e23ecfe48d23976230c6e83b0b0f894ad25d9f150811b2487f9a88e0a234e947842303e0d577da016ad285442f58b970736f5bc4779c8d61aa482934a455704

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso792.tmp\ISSkinEx.dll
    Filesize

    379KB

    MD5

    a80a2c59aad01a5bd369d479f4f3cf3d

    SHA1

    c01b281cdaeba9f468c18185e6f01f78a0abf287

    SHA256

    282f40ed72cfc801ef88ab72a80c8824957aa554ece3b74842b48ecedfcf4755

    SHA512

    db67c30e07245e1e0ee5514faf35f6fdfd94a2884cdf82f7daba1eac571067448483b5564f758e273a57ae020941322c2174827ffef1915fc37a74f0fda2d39d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso792.tmp\System.dll
    Filesize

    16KB

    MD5

    cd9cc9fa5bf495f4e22a94836ae5c858

    SHA1

    7047c611d1ab61ec5617c75b4ea9364a51aaacd2

    SHA256

    185a185695b171cfe22a603cda9902cdb80455ad8655fb3d2e5ffb8a5599e7ef

    SHA512

    dcb435a8e1201c0ee82cd9f0c0c7792c4512ded10d8149fe4f7e13abe153a50da3fa388d7b3b3451875e47c05bc25cd9a12e0e83817b1954247d13fdd9db9067

    Download Submit

  • memory/1452-54-0x0000000076941000-0x0000000076943000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1452-57-0x00000000756C0000-0x000000007575D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1452-58-0x00000000757D0000-0x0000000075870000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1452-59-0x0000000076940000-0x000000007758A000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1452-60-0x0000000077590000-0x00000000775E7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1452-61-0x0000000075FF0000-0x000000007614C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1452-62-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1452-63-0x00000000762B0000-0x000000007644D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-64-0x0000000074F40000-0x0000000075035000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1452-65-0x0000000010000000-0x0000000010064000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1452-66-0x0000000074E20000-0x0000000074F3C000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1452-67-0x0000000074D90000-0x0000000074E1C000-memory.dmp

    Filesize

    560KB

    Download

  • memory/1452-68-0x0000000074D50000-0x0000000074D82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1452-70-0x00000000757D0000-0x0000000075870000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1452-69-0x0000000075780000-0x00000000757AA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1452-72-0x0000000077590000-0x00000000775E7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1452-71-0x0000000076940000-0x000000007758A000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/1452-73-0x00000000752C0000-0x000000007545E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-74-0x0000000075FF0000-0x000000007614C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1452-75-0x00000000752B0000-0x00000000752B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1452-78-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1452-79-0x00000000762B0000-0x000000007644D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-80-0x0000000077680000-0x0000000077703000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1452-81-0x0000000074F40000-0x0000000075035000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1452-82-0x00000000751C0000-0x000000007520C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1452-83-0x0000000075160000-0x000000007518E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1452-84-0x0000000010000000-0x0000000010064000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1452-85-0x0000000074D50000-0x0000000074D82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1452-86-0x0000000074CD0000-0x0000000074D09000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1452-87-0x0000000074C90000-0x0000000074CC6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1452-88-0x00000000756C0000-0x000000007575D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1452-89-0x00000000757D0000-0x0000000075870000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1452-90-0x0000000077590000-0x00000000775E7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1452-91-0x00000000752C0000-0x000000007545E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-93-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1452-94-0x00000000762B0000-0x000000007644D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-95-0x0000000076280000-0x00000000762A7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1452-96-0x0000000077680000-0x0000000077703000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1452-97-0x0000000074F40000-0x0000000075035000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1452-98-0x0000000075160000-0x000000007518E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1452-99-0x0000000010000000-0x0000000010064000-memory.dmp

    Filesize

    400KB

    Download

  • memory/1452-100-0x0000000074D90000-0x0000000074E1C000-memory.dmp

    Filesize

    560KB

    Download

  • memory/1452-103-0x00000000757D0000-0x0000000075870000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1452-102-0x0000000074CD0000-0x0000000074D09000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1452-104-0x0000000077590000-0x00000000775E7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1452-108-0x00000000762B0000-0x000000007644D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-105-0x00000000752C0000-0x000000007545E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-101-0x0000000074D50000-0x0000000074D82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1452-109-0x0000000077680000-0x0000000077703000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1452-106-0x00000000752B0000-0x00000000752B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1452-110-0x0000000074F40000-0x0000000075035000-memory.dmp

    Filesize

    980KB

    Download

  • memory/1452-111-0x00000000751C0000-0x000000007520C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1452-112-0x0000000075160000-0x000000007518E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1452-114-0x0000000074D90000-0x0000000074E1C000-memory.dmp

    Filesize

    560KB

    Download

  • memory/1452-116-0x0000000074CD0000-0x0000000074D09000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1452-118-0x00000000756C0000-0x000000007575D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1452-119-0x00000000757D0000-0x0000000075870000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1452-121-0x00000000752C0000-0x000000007545E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1452-120-0x0000000077590000-0x00000000775E7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1452-122-0x00000000752B0000-0x00000000752B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1452-125-0x0000000075DB0000-0x0000000075E3F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1452-117-0x0000000074C90000-0x0000000074CC6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1452-115-0x0000000074D50000-0x0000000074D82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1452-113-0x0000000010000000-0x0000000010064000-memory.dmp

    Filesize

    400KB

    Download