Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
158s -
max time network
171s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
-
submitted
09/07/2023, 11:12
General
-
Target
93f1059dac0c6cexeexeexeex.exe
-
Size
126KB
-
MD5
93f1059dac0c6cf2c479fb0082b8abd4
-
SHA1
501bce59628a1bf50bb5c019c0c598d261c00030
-
SHA256
7e72ec0fd0bef70368df45ea039c7f4b8aba55969d99b1e531b65b9356675b86
-
SHA512
2449600547c414d619fb5bc95058a0b89480b8ad9a34b82350a81a213b4c575754747dba0ab65bb20247ac67ea25637a480ae1398fe8306c8b14ee094b04e3e1
-
SSDEEP
1536:gZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHks:OBounVyFHFMqqDL2/LgHkc2oYvQd2a
Score
10/10
Malware Config
Signatures
-
GandCrab payload 2 IoCs
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\93f1059dac0c6cexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\93f1059dac0c6cexeexeexeex.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
108KB
-
Filesize
108KB