Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ORDER SPEC.scr

windows7-x64

6

ORDER SPEC.scr

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12/04/2023, 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ORDER SPEC.scr

  • Size

    2.7MB

  • MD5

    6d5c38d39f2e653c9954f44bc113b9fb

  • SHA1

    fa3aa47590e4aaac3c656b4fe114c6f56b76ba20

  • SHA256

    dccdd805ab3a1f31780ce46912cce1356dc12084e46e31aa6208052ddcd95054

  • SHA512

    c60c31be41343b410d66e78be6b59f9c818b216e380023453ff45571f90de68acbb27c76f3f164965b860f70ddbd12e890f2a82f429f19edc24a5e2d8ce32176

  • SSDEEP

    49152:20SnnC+BsY/8q7+gbf+qjw98xyDNGTQmSPcFP9+o:20

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
    "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr" /S
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1692
    • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
      "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
      2⤵
        PID:1004
      • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
        "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
        2⤵
          PID:1128
        • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
          "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
          2⤵
            PID:1652
          • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
            "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
            2⤵
              PID:956
            • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
              "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
              2⤵
                PID:1792
              • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
                "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
                2⤵
                  PID:916
                • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
                  "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
                  2⤵
                    PID:1432
                  • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
                    "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
                    2⤵
                      PID:996
                    • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
                      "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
                      2⤵
                        PID:744
                      • C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr
                        "C:\Users\Admin\AppData\Local\Temp\ORDER SPEC.scr"
                        2⤵
                          PID:772

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/1692-67-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1692-63-0x000000001B200000-0x000000001B4E2000-memory.dmp

                        Filesize

                        2.9MB

                        Download

                      • memory/1692-64-0x00000000023E0000-0x00000000023E8000-memory.dmp

                        Filesize

                        32KB

                        Download

                      • memory/1692-66-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1692-65-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1692-68-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1692-69-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1692-70-0x0000000002410000-0x0000000002490000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1920-55-0x000000001C330000-0x000000001C51C000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1920-56-0x0000000002600000-0x00000000026CA000-memory.dmp

                        Filesize

                        808KB

                        Download

                      • memory/1920-57-0x0000000000E80000-0x0000000000F12000-memory.dmp

                        Filesize

                        584KB

                        Download

                      • memory/1920-58-0x00000000026F0000-0x0000000002770000-memory.dmp

                        Filesize

                        512KB

                        Download

                      • memory/1920-54-0x0000000000F30000-0x00000000011F4000-memory.dmp

                        Filesize

                        2.8MB

                        Download