Analysis

  • max time kernel
    145s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    29/01/2024, 05:51

General

  • Target

    7f0d560ba461f552ea079c1e8e1e9597.exe

  • Size

    438KB

  • MD5

    7f0d560ba461f552ea079c1e8e1e9597

  • SHA1

    18d46ac48d1c4e6ba873f0b3b4f2049c8b3b77c4

  • SHA256

    73c846a0f8625e95ae1ccb50fe41ada93bf891329beb9f21c2e920d77c014005

  • SHA512

    c1817cbaa8bef2d4b9e9909082b13d295f6628f7b7d6dc1780860d321216cc729bc42b5dd86f2191526fc030ebd924e00158b8ceca724d7a36da45089ebe5e79

  • SSDEEP

    6144:382p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwNe:Tp4pNfz3ymJnJ8QCFkxCaQTOlOb

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Renames multiple (93) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f0d560ba461f552ea079c1e8e1e9597.exe
    "C:\Users\Admin\AppData\Local\Temp\7f0d560ba461f552ea079c1e8e1e9597.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1988

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini.exe

    Filesize

    438KB

    MD5

    a3626780de9a858e42bbbf1ac82da6cd

    SHA1

    c5f76bd333c1475dd754ec435d6d67c16dcf5d7c

    SHA256

    6fb5e5215d048588b648211f9275eb911006f971cd143a2d3d7a316f3bf10066

    SHA512

    335bbe0090dc50b833fdac75363af7c26ad700573d8738f79eac65e79cfcd0180016d9053d92d5a7f0d5258b35b51a48ad2b1b71340e9767fb9b79cca67ed940

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe

    Filesize

    1.2MB

    MD5

    4a2dcabc915c647d3af8bbf11f8fb10e

    SHA1

    663f4d56f6bff65925a20907a06b651b24d8eb17

    SHA256

    16228f82b3850ff0505651ae37289eb67d68ae699dff2f3e2b2bbd1ccac648b6

    SHA512

    2006d7430f15f75c847bba19fdb16835542c7fd2765d5aabdd2845a405ac7f02a36a813da57e7913fc599b39cb79e97e7fe56390600f390c4d476ee36c90dd41

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    17dcd022cde0c7ab355959896fd0c555

    SHA1

    4010b46e55b0ae0b16266b0287e80283d785157b

    SHA256

    98f14638d220ab400e126044a27270525e96321163f8262e0a82c6d234197f6d

    SHA512

    e97608c48545ad7345aa36887847988b3fc9b074abfa64f2ea244f6195dcc7d7c121c2fce9c769ae43daf473e6b6b13008a966f8a25141423f4e1676eacb8431

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • memory/1988-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/1988-230-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB