Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    328s
  • max time network
    330s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/03/2023, 11:32 UTC

General

  • Target

    sam.exe

  • Size

    568KB

  • MD5

    7da9a59efd9d978586404578467083d7

  • SHA1

    12ff86fd2ddb151402c8e9dfc370037eed352bb0

  • SHA256

    f5cde3a76c1677ec3bccb2994b16a4bb643e4cd1ca23c7732c23f7ab8f9e3d86

  • SHA512

    5803e613fadaa0d7d0fa612e49b89956c48869a2b36daa9faf1ed4669b5c9af9cacba51b22d76d8d71b53ddc6e1516bc80b6c84b014dc2b625a351be47746d44

  • SSDEEP

    12288:uEYwyEZGINxj3gywljdvPM6gxdZoNFptVtxIw85EU:uEdymGI3j38pd3M60dZuvhr1U

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\sam.exe
    "C:\Users\Admin\AppData\Local\Temp\sam.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    PID:1920

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\nsy27DE.tmp\System.dll

    Filesize

    11KB

    MD5

    960a5c48e25cf2bca332e74e11d825c9

    SHA1

    da35c6816ace5daf4c6c1d57b93b09a82ecdc876

    SHA256

    484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

    SHA512

    cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
