Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    167s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/01/2023, 19:28 UTC

General

  • Target

    Songbird_1.0.0-860_windows-i686-msvc8.exe

  • Size

    11.8MB

  • MD5

    55a205c15d51498e90d090e6da5c6238

  • SHA1

    c036e74eb9e7411485e6c02434cd8476148a0019

  • SHA256

    6ec3d68738e469969f1a7c1c4c1ce23da6c7709c585949d76dfacd7e70c80496

  • SHA512

    9fd8860acb44b9e55bcd7c95f5e1cffb4b318d1602f7777e384b8d1271ea6b4dde321aeea91b7cea561d57a2784b24f50b013b655f8f64cea0172e51b18eefe8

  • SSDEEP

    196608:OZMBj9E8EkBtxRQqEaTM0tYmm+AmzJ/J8pSFefUkoCXMFDSifRAmcYH+MojBxgmo:OZkjfEI8qEaTNiH+AGapSW3o5Si2YeMf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Songbird_1.0.0-860_windows-i686-msvc8.exe
    "C:\Users\Admin\AppData\Local\Temp\Songbird_1.0.0-860_windows-i686-msvc8.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:952

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/952-54-0x0000000075511000-0x0000000075513000-memory.dmp

    Filesize

    8KB
