Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06/01/2023, 19:27
Behavioral task
behavioral1
Sample
RamBooster20_US.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RamBooster20_US.exe
Resource
win10v2004-20221111-en
General
Target: RamBooster20_US.exe
Size: 372KB
MD5: 3468052f3cc1fb4188e50ecde64fe4a3
SHA1: c9283b90e663ffa6326c795c2fbc8ce55cc73ea1
SHA256: d22dc7de67804b64eef3d87faa0fdd7ad394972c92f68300c18a67a5bc0c3124
SHA512: 619b98313948321ff8562a4f8356baa8802f3edc9b22e02bfd223ed9c8183fd947810d34b6fa4dda98385088f06aed2f45fce51ff70e6354606353c2d25615f7
SSDEEP: 6144:QF6S1nK5J8PoyYER2nKGcZr+UZ11Kr71RdS3XcStRgVQbMmTDPpbIVODCqnFRcB:QF11K5J8QyY+dG8+UZ1Yr79SXTbMsDPY
Malware Config
Signatures
resource    yara_rule
behavioral1/memory/1208-55-0x0000000000400000-0x000000000042A000-memory.dmp    upx
behavioral1/memory/1208-59-0x0000000000400000-0x000000000042A000-memory.dmp    upx
Loads dropped DLL 1 IoCs
pid    Process
1208    RamBooster20_US.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 31KB
MD5: 3c8115df78f2aa5b9cb39da770a84437
SHA1: 3352b358b41ad8169994f6a7b836405941af1b82
SHA256: 011e92e868f1f09904bef59b46972c318c2867c279380182e23bc1fd7eaf1d11
SHA512: 2a8a80317da72e8ca33cafbdffe0b5c44eedc9549cd7d2483197c36ad4f6c27be0ae3d61f537574aa404c8f23fe0009be9b30ea921550092ad5ad041a8fb4d20