Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3911d8371f...70.exe

windows7-x64

7

3911d8371f...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3911d8371fd6fe478d4c2f7cbb85b170.exe

  • Size

    109KB

  • MD5

    3911d8371fd6fe478d4c2f7cbb85b170

  • SHA1

    1ad4518dc51a50f64121cd96e040889824b8e42f

  • SHA256

    1e9fbae11533c0c0a4b23bcc2cd310a5de0116c4515a44506b9c369a7d02a222

  • SHA512

    391f0162c017ac3bf6bdc86504ad020957d03a6aa9f186737bd4a1c43027a87d83cfa66d1b7eaa1706760a9262b4f29760b159d9a8c3689dba99e532fe2fb444

  • SSDEEP

    1536:+06F3hjSDjxe78yJZuP5+ILpBrv7Xv/+WS7lwS6arF5nfOHcGDW4l/rQqHs7:V6ie782ZIPLpBvXnV0lwormHcGK4+yW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.exe
    "C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.txt
    Filesize

    5B

    MD5

    43fb2705d9766ea761f934981936503f

    SHA1

    c9589c81355baab345cd121a76dcd743d65e131c

    SHA256

    766a90366e6cac315d05afc9c97dcd6206a7f66da260dd41d209bb6ad13947e0

    SHA512

    ebf82587e4a8dad580b0c6c6959c73315c584cea82c41c073aab41854a44027fbc63d3f360651e726bfe71bc9e99a1b803574715e63d462f90182291ce3dfbf4

    Download Submit

  • memory/2488-0-0x0000000000580000-0x00000000005A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2488-2-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3008-1-0x0000000000030000-0x0000000000038000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3008-3-0x0000000000030000-0x0000000000038000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3008-4-0x0000000000090000-0x0000000000097000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3008-6-0x00000000001A0000-0x0000000000220000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3008-12-0x00000000001A0000-0x0000000000220000-memory.dmp

    Filesize

    512KB

    Download