Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

b182a0b9f7...95.exe

windows7-x64

9

b182a0b9f7...95.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    92s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/12/2022, 00:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b182a0b9f7aaac1a0129a6a21c1b29f0f2ce99cfb0b7de6922d922f9d4067695.exe

  • Size

    107KB

  • MD5

    a8b27e2851c66b2bedf526a190ff5b18

  • SHA1

    83c7b396b31394e099ceece18663c7b54bcefb24

  • SHA256

    b182a0b9f7aaac1a0129a6a21c1b29f0f2ce99cfb0b7de6922d922f9d4067695

  • SHA512

    f48162fb2a4f7441097eace0bd71becf0691b508313d30a7b03e154f0058d24eefa3f9ad7bfdd954857c8ee377ece9f6c37b287f8c7441fd9905b86eaef73c9c

  • SSDEEP

    3072:IgXdZt9P6D3XJbCqPVTMF+LGT02bVcu+HZN+p5Z:Ie344Sio0fbVc5HZN+p5Z

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b182a0b9f7aaac1a0129a6a21c1b29f0f2ce99cfb0b7de6922d922f9d4067695.exe
    "C:\Users\Admin\AppData\Local\Temp\b182a0b9f7aaac1a0129a6a21c1b29f0f2ce99cfb0b7de6922d922f9d4067695.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\miniloader.dll",Install C:\Users\Admin\AppData\Local\Temp\activate.dat
      2⤵
      • Loads dropped DLL
      PID:2376
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 580
        3⤵
        • Program crash
        PID:4216
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2376 -ip 2376
    1⤵
      PID:1712

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\miniloader.dll
      Filesize

      76KB

      MD5

      a3fa5c73d9efda1ac7f9b70d08387e46

      SHA1

      900af6dc41e846ce84e5e692b53f732aadcc074e

      SHA256

      c30c903a0b7068ab021af249c762e56aff6778c85957b397892c1aa7bc6332b5

      SHA512

      e1b6d46be75ce15ca46ee2740e39cdb1a292faf1c31b907f9a8c509e4207931b597ccc24cde9b0b56341cc69caba8da4e5ec1c6840c84097bd07c9af2cec6b5d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\miniloader.dll
      Filesize

      76KB

      MD5

      a3fa5c73d9efda1ac7f9b70d08387e46

      SHA1

      900af6dc41e846ce84e5e692b53f732aadcc074e

      SHA256

      c30c903a0b7068ab021af249c762e56aff6778c85957b397892c1aa7bc6332b5

      SHA512

      e1b6d46be75ce15ca46ee2740e39cdb1a292faf1c31b907f9a8c509e4207931b597ccc24cde9b0b56341cc69caba8da4e5ec1c6840c84097bd07c9af2cec6b5d

      Download Submit

    • memory/2376-135-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download