Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

c08afba3e6...ab.exe

windows7-x64

7

c08afba3e6...ab.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/03/2023, 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe

  • Size

    15.1MB

  • MD5

    5ebc8712cb5398a5d3823cbd282ffe92

  • SHA1

    4e57d905dda19460ea16694b8e7f950512d00bc9

  • SHA256

    c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab

  • SHA512

    515877628db791bdcf5460c8f9b850cfde2baef198fb21bac2b3c7d0d1e9cfb869b528401210e9d8dfaa477935b1565e45d82398a4e57f72456495cc20180057

  • SSDEEP

    393216:fDoPbTkg8DQvIYALRYEpgt0d1ftbXde+QNEY6ht0pDCAF:f+beQvIYALRY4g0bd3Q5i0pDCAF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe
    "C:\Users\Admin\AppData\Local\Temp\c08afba3e6e228ae24ed6f804e6504652304911ce17832a7e2d5461a4205c3ab.exe"
    1⤵
    • Loads dropped DLL
    PID:5040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsl65C4.tmp\AdvSplash.dll
    Filesize

    6KB

    MD5

    5c8304d47b05d5c517c00ec1074cb156

    SHA1

    def02fe16f79b78890d4794e176052bf88c0bb5f

    SHA256

    9ca143d49f17c5ae59b09be70e683002b6e9af1196258f8b76b718b091bc9ee6

    SHA512

    51b5b716d78804bbc957822555e2462b6b0b499044674d278d422e2917928d0823c27fa1dec69d0905dc651388c4d67551bbc806ac2da6ff3b87caf0018158d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl65C4.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    f62d03fcb1473110e920a9bb2c701006

    SHA1

    c48444ef2daa60dcdf91f1645cd4ecd8e66545f7

    SHA256

    17e2f205af12d5a86638dc83c95fc69199c41af2fa6daeb1e91ec330f68c5372

    SHA512

    701d531d405d08054d53298141d5bbd56e74df7b22bcea5f9f0e5c4407421ea0ca9617aa84e740dc1dc44e6d14e58852c1ca2087213cc2319f2da44eaed0bc05

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl65C4.tmp\ioSpecial.ini
    Filesize

    689B

    MD5

    62eaf81e23b37fe0c1bad570628cf065

    SHA1

    2579ae55d1dad2d55982efaf92d56700e90087a3

    SHA256

    96ea32a98fe54225edc4d30498724ae7066e41a15320700d48c93428ae0b9c5c

    SHA512

    f9518adfdc26f14d72a111e39ebb43ca95a81cd659aa0bada3dfa09641bf7202e883c2f09eea8902dfbfe41204e4e99792a1f9a03141d850bea42022602f784e

    Download Submit