
Resubmissions

02/06/2023, 13:35

230602-qvz97sbf23 10

02/06/2023, 13:33

230602-qtmygsbe97 10

Analysis

  • max time kernel
    180s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2023, 13:35

General

  • Target

    document_A614_Jun_2.zip

  • Size

    1KB

  • MD5

    2fe59c7115b258f111be4777ab0fbd6e

  • SHA1

    0e6c39f865401ff5a62505aa37128c87897111a9

  • SHA256

    e0e130031ddaebb509d8d90a35250a521e074a1d2be5b7d6ff5aad66422a3898

  • SHA512

    1e1943f77c3d0408ac4b242cdcc002720bd7cc208c2e71c4bd87b14ece03b1e62a11aa4a21a8641de9b967b8f661bdf17e9861428e4ef0473b88eaef81734bc2

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\document_A614_Jun_2.zip
    PID:1536
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      PID:860
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x4bc
        • Suspicious use of AdjustPrivilegeToken
        PID:660
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_document_A614_Jun_2.zip\document_A614_Jun_2.js"
        PID:1316
        • C:\Windows\System32\Notepad.exe
          "C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\document_A614_Jun_2.js
          • Opens file in notepad (likely ransom note)
          PID:268
        • C:\Windows\System32\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\document_A614_Jun_2.js"
          PID:432
          • C:\Windows\System32\Notepad.exe
            "C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\document_A614_Jun_2.js
            • Opens file in notepad (likely ransom note)
            PID:1760

Network

MITRE ATT&CK Matrix
