Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

infinst.exe

windows10-1703-x64

4

infinst.exe

windows10-2004-x64

4

x3daudio1_1.dll

windows10-1703-x64

1

x3daudio1_1.dll

windows10-2004-x64

3

xactengine2_7.dll

windows10-1703-x64

7

xactengine2_7.dll

windows10-2004-x64

7

AutoPlay/D...UP.dll

windows10-1703-x64

4

AutoPlay/D...UP.dll

windows10-2004-x64

4

AutoPlay/D...UP.exe

windows10-1703-x64

4

AutoPlay/D...UP.exe

windows10-2004-x64

4

AutoPlay/D...S.pptx

windows10-1703-x64

1

AutoPlay/D...S.pptx

windows10-2004-x64

1

AutoPlay/D...er.exe

windows10-1703-x64

7

AutoPlay/D...er.exe

windows10-2004-x64

7

AutoPlay/D...32.dll

windows10-1703-x64

4

AutoPlay/D...32.dll

windows10-2004-x64

4

AutoPlay/D...up.exe

windows10-1703-x64

7

AutoPlay/D...up.exe

windows10-2004-x64

7

autorun.exe

windows10-1703-x64

3

autorun.exe

windows10-2004-x64

3

lua5.1.dll

windows10-1703-x64

3

lua5.1.dll

windows10-2004-x64

3

lua51.dll

windows10-1703-x64

3

lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1588s
  • max time network
    1818s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    15/02/2023, 04:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autorun.exe

  • Size

    6.5MB

  • MD5

    62559a99dc475e645926fd06da95b08f

  • SHA1

    51a1d4b2583f23933e36ef725ed88f80a6871a1d

  • SHA256

    c56d5820c25dd2acef7e4e2f47ecd44568255fcc5e3d17bc94ba0a5c9897e446

  • SHA512

    a13d9542efebdcb74c60061ae6cfc13b9ac0d6d7ef54ca171f72ec47a3c934e4a53b68868b1bde49d7aa233456766006cb7ea3fb1deb8cdfec1336b60e839bda

  • SSDEEP

    98304:4t+UD05wK3zmGUN6XT+bwxHR1vj0pgFl6ZauVUeYI2iqoj9ghi1RebM390brVb+:7605wKxUN8DhjXd8UexqojD390brVb+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\autorun.exe
    "C:\Users\Admin\AppData\Local\Temp\autorun.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3132
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3d0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3132-118-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-119-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-120-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-121-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-122-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-123-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-124-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-125-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-126-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-127-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-128-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-130-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-129-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-131-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-132-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-133-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-134-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-135-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-137-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-138-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-140-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-141-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-142-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-143-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-145-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-146-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-147-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-149-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-148-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-144-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-139-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-136-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-150-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-151-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-152-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-153-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-154-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-155-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-156-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-158-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-157-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-159-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-161-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-162-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-160-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-163-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-164-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-166-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-167-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-168-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-169-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-165-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-170-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-171-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-172-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-173-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-174-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-175-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-176-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-177-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-179-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-178-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-180-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3132-181-0x0000000077890000-0x0000000077A1E000-memory.dmp

    Filesize

    1.6MB

    Download