Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
2s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05/01/2024, 21:39
General
-
Target
4480282286edf7ff58175f8dba777e30.exe
-
Size
555KB
-
MD5
4480282286edf7ff58175f8dba777e30
-
SHA1
018a46d8121e9dabce3230543e977997e8a9c0ef
-
SHA256
53f099e33b64c7c7953716bd4a5f7b980c745658c7ab6ebe96add4481ca4c5da
-
SHA512
5ccc885f7de27dbcd2a7b56a6467206ba2ae177dd4b3ec94869e0fd7c1e628dc56980ba9f5881a3441349544d7f3fcf675c1a6999e542693344e68964a025b3e
-
SSDEEP
3072:W0ljzq64LHzkQ/Rd6Qq2ZNKzCr2ql31EI2sLbD+RPgJBrI5iAaoTgeuPYV:W0ljjG3Pt2I3LigJBrPQ8g
Malware Config
Signatures
-
Renames multiple (161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 3 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4480282286edf7ff58175f8dba777e30.exe"C:\Users\Admin\AppData\Local\Temp\4480282286edf7ff58175f8dba777e30.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exeC:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\sysx32.exeC:\Windows\system32\sysx32.exe /scan2⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
MD547dc0b40887a5bb374a57e16fe96e608
SHA148031c58f6472ec94b46c7691db7494d9ce2aa79
SHA256daa5e32ac58f8ebcf4e4c0b7f93df75ce71b131961e95a2af638786a9a9110b2
SHA5122834363575b6a48d5f653916935b146273ff9f2514c52ba3f87cc5bef8916fa2c40c68a755122d6d7f1d5c86fa6051252c2f1b172fbda58fa9e12f72b433bd08
-
Filesize
82KB
MD5ca158ee1f6ab968578d3597b3e9fa8a6
SHA11c6aafc829ff0f46137125e585d385bdf44716f9
SHA256d12c5fff20af73724cc18647425b7c0cb8f6d8e9b1e91cf1fa395725c443f138
SHA512470c27c5ee61b25415bf1567828936861a66110f4288ffebeeac1fc3b1a969c14b9cde0284097a3ac1a2acb3f752f1f017a16dd581f626c33dfdc1ac8b3bfdd3
-
Filesize
40KB
MD511c8e7851d49d8adc423c3a5066d4803
SHA14bb2704a1b75be0c7789cb047a2d4ed6b0a0f9b7
SHA25684cd6d8ec1a487514e87e12144d7c619a0e20681b03136a934cd329b2e8cd3f6
SHA512fee1436c7a3d3bbc6d980c611b4b828d361c9c072efddc58f82a318cf435bd47e26f495e6ef577ffa3f28e574f1a8a2d8123c21416a999fbaebdc4bbe231d49b
-
Filesize
44KB
MD58726440973328a5bbc175227ffffadab
SHA14d7e3389fe2da097bfb2836106d480db6d55f65d
SHA2565ac2440bd6706cefde29509b27b72e3e5b610d982733b0e86897843d86f65fc6
SHA5121e45151055581a1460aecc8f394f234c521a499913cedd735aa10e3274666e4ec42121af4326b7b5632e3aece755c7c64da85e7bc4cca7a0ba813c7578cb870d
-
Filesize
12KB
MD57b557777d9780add7370554e67e4c22b
SHA17b5c8808bd8a680f13e5618c950533e1b084b756
SHA256a2959172fcef16c310ad12fb6aae4c685516780cd6a4f944d62b6a5f8bce03ba
SHA512e051c34fa1b9c8d8ca0f2ff4e81538ff1fe6b167b1163c034ccf033deee7e94849136dbfb43896cde467d1144c633c397fee58a5872c40a5f98497a7884a1414
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB