Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
135s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
20/03/2023, 10:22
Static task
static1
Behavioral task
behavioral1
Sample
12/على الغالي.jpg
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
12/على الغالي.jpg
Resource
win10v2004-20230220-en
General
-
Target
12/على الغالي.jpg
-
Size
96KB
-
MD5
e8fd5307bed9d805ff717701bb587af8
-
SHA1
eb6cfef8d86d4ac24b9716e598e25f0c3bb10014
-
SHA256
da487f022d3f29918561af851962e73e025ca5b769807d9966b25dccd3feb4b4
-
SHA512
389afcef2b3e79bbd9a78632058e18a7d1a9732fc9feb83136181b579e3717cad8cbc202389375529306409a9e7bf8324d675807fcd25774ff19ee69f9dff04a
-
SSDEEP
1536:8WZzurN+aYZkVOP8/yCFIgBIFKbxqF/XF8Go/KzYGPlIK34Eiw7Ak:3irNVUPiIg+F82MywEzx
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\12\على الغالي.jpg"1⤵PID:3512
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5028