Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-18...uk.exe

windows7-x64

1

2024-01-18...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    205s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_9c981a99a20d55fe5b8ebc4ed3f34a54_ryuk.exe

  • Size

    2.2MB

  • MD5

    9c981a99a20d55fe5b8ebc4ed3f34a54

  • SHA1

    fadc6597ab077b0e88c8775559b874be2fc181f8

  • SHA256

    b5f80119a5e854adb02bd1ca88279719e914d0bde223b4794d8c05b93b17bb37

  • SHA512

    d6cbffc9d9142248262d33e0c0044e16aebf7fddba0bf7efe37b407ad4f3850042c93ae55842450151f6ad4088c1ce66278c0583fe01c4bd7905f07188513182

  • SSDEEP

    24576:pOObVw4TaN1wdkukCba4oXtgLhU3wEdmh58VVg9N9JMlDlfjRiVuVsWt5MJMs:pOOh3aN4kuLbegmtG+gFIDRRAubt5M

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_9c981a99a20d55fe5b8ebc4ed3f34a54_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_9c981a99a20d55fe5b8ebc4ed3f34a54_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2892
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2688
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:1832
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3796
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4860
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4676
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4488
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:5076
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      8388c29e175019a2b3fcc3dff1b2687a

      SHA1

      90c451564f8613aae1d12ea7599deb9a2b25b0e9

      SHA256

      e32b04e8510d210a497366eb48ef32cc08b789adf0d2cf44b43e50a2ac509e06

      SHA512

      5512b642a66caa6b1e4074bb85fbc10c6f640056e625f47a1c048e3f791c7b5c499928126d2eb8e73ad21054332efd62be6c630eb6b9d52a4f92a786deef1a19

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.5MB

      MD5

      19d7ebadf8d573e93eaeaded6748737c

      SHA1

      c21f93391242728c2ea71e954dea7240b1c2eb2d

      SHA256

      f06c39a209ca682b085e59b4c8dd29537079eaed3ec265460dc4f1a2d4116fcc

      SHA512

      d1a5a635e48b2a86f8e8b7623170b7a5544eb694f6069ea7f80ca140dcecda7ba8af26edc78f35b5264ebedf81536720e8c06364b9ef572c58352d30d16a7dd9

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      1.5MB

      MD5

      67ceb49e8aad390848a53ded40760496

      SHA1

      562fe64043567064f22e2e9345ea195ce23a10ca

      SHA256

      50e30c25fad81b17641aa8a064605d63c400c826c58d088c1fae2574b6942599

      SHA512

      79e9fc6cf47700ac43ff8f42874c3ac33467e23146e5a10074cf193f27f85286c13e77343b87eacba73e5d764b52ce082f7cd109905fe02bf33015ec8243ddcc

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      234831eedc34fb078f9161a6640ef45e

      SHA1

      456898ebce60d7fa45421c0d06ef22d88a1ce53d

      SHA256

      180ae52dc31e2a7eee4b321ee9f8e3cf6f16fc3c754276fe0ec6f597216dd5d7

      SHA512

      d89833ae7de7236056b698bffd6a44e15a55d4a80e66fb82c823ca80e1db309eb8c2c1fb007a836825917ba71280ac8401298d50871136b13ef447b78923a692

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.3MB

      MD5

      2210277644131e1298e25d88c3f42728

      SHA1

      06e7de861346708311cb9b8592bf3188ddac45b4

      SHA256

      c016ca0314190ebc0266894aa9364f5e54cbb40b14bbd7bd0548bc7791c347bb

      SHA512

      9b1b9cf5d187b79cff9009c1d5b4646ffc3b3e4050bde5bcdc4200a5880e4b324801691189ea28f15b4b6fc18e19ca3a5e8cc2acaf5c5a012e97bb71f51cd82a

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      ed1ccf4b16aaff7000c87ed9678c7808

      SHA1

      6e4c912bd60975559a9e46b238910c87518f79f7

      SHA256

      a5051c0586b00935f8097bb9929c109c011dbbefbd297ec073f6380dbf7f1dce

      SHA512

      47b820ab705076ecdff6aa96ea9f730e861b4862842a0005c30e729a7c1ede8421d9870e376a412ac7d287c94a72e32169a88e76b1ef999807818e4634d661ed

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      1.3MB

      MD5

      6f1d58f855513bd0d479e440cea96fc6

      SHA1

      8cc63e6acf9db2962c8d047dd00a4fce12fc8177

      SHA256

      6935f6fc30e7a933532612ec13b5f419b999841a01f7cd13a5b5899dbac1cb90

      SHA512

      365c4560050f66330cb6f8d2cd4ff5f6a422450df8e2cc2dbeba4dd151b7255751f0249a697a7506190c25ca044b1d38c0384ac4dd16fe870cb4290b64f1dd77

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      b2a73a1ed90e37942ea60aea4e978697

      SHA1

      54962fbbe773b25b8fb34442431198b6f56843b9

      SHA256

      62258511e06af321d9a409734d0dcee43b5e30f145de91fbc123303394a7320f

      SHA512

      31378ec48cb0a11679f8b035bebd574ed5d4d16f850d96c7e86f885eec7e3835f906aa984f086ca33d3362a35472ad4b6b27558581580107936b136d6f498813

      Download Submit

    • memory/1832-18-0x00000000004C0000-0x0000000000520000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1832-29-0x0000000140000000-0x000000014015C000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1832-24-0x00000000004C0000-0x0000000000520000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1832-17-0x0000000140000000-0x000000014015C000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2044-87-0x0000000000420000-0x0000000000480000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2044-81-0x0000000140000000-0x0000000140182000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2044-225-0x0000000140000000-0x0000000140182000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2044-80-0x0000000000420000-0x0000000000480000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2688-13-0x0000000140000000-0x000000014015D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2688-28-0x0000000140000000-0x000000014015D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2892-27-0x0000000140000000-0x0000000140248000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2892-1-0x0000000140000000-0x0000000140248000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2892-36-0x0000000140000000-0x0000000140248000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2892-8-0x0000000000710000-0x0000000000770000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2892-0-0x0000000000710000-0x0000000000770000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4488-128-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4488-53-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4488-60-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4488-59-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4488-52-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4676-41-0x0000000000C60000-0x0000000000CC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4676-48-0x0000000000C60000-0x0000000000CC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4676-40-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4676-125-0x0000000140000000-0x0000000140237000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/4860-37-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4860-32-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5076-74-0x0000000000C00000-0x0000000000C60000-memory.dmp

      Filesize

      384KB

      Download

    • memory/5076-71-0x0000000000C00000-0x0000000000C60000-memory.dmp

      Filesize

      384KB

      Download

    • memory/5076-78-0x0000000140000000-0x000000014017D000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/5076-64-0x0000000000C00000-0x0000000000C60000-memory.dmp

      Filesize

      384KB

      Download

    • memory/5076-66-0x0000000140000000-0x000000014017D000-memory.dmp

      Filesize

      1.5MB

      Download