Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

8d4c8ff1e3...41.exe

windows7-x64

10

8d4c8ff1e3...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 20:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d4c8ff1e3c0929b81020073df656a41.exe

  • Size

    7.2MB

  • MD5

    8d4c8ff1e3c0929b81020073df656a41

  • SHA1

    8b15ade3540f648999e13378c96ed5e42c8ac681

  • SHA256

    4f24c1311642003c237780de49f39f46ceb450411490335a8048c36b9198053c

  • SHA512

    a9d913b6cbd6badb836d1cc93342c72401b88a57afbda24f1862fd28153bf99276cd3517c441d2792ce332b8a50be2178986d0dc3f122834bd2be931f413dc8a

  • SSDEEP

    49152:Kwi0L0q+wi0L0qRKqFYhrRB8NIMI8Sfpwotkzaxc1OGz84:Vi0fi0H/IMzKpXOMGQ4

Score
10/10
aspackv2persistenceransomware

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Renames multiple (91) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d4c8ff1e3c0929b81020073df656a41.exe
    "C:\Users\Admin\AppData\Local\Temp\8d4c8ff1e3c0929b81020073df656a41.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini.exe
    Filesize

    7.2MB

    MD5

    24eb3ddfa70a905085d3ff8660afed49

    SHA1

    fc1126c420d65a08563d87f95deb19b3efd7e600

    SHA256

    b489fced7b95faa7976d9756a30fb93f4d68a535cc73512b68742ac60ace7f93

    SHA512

    0127f4cd265c7015db705f239af7d2acd1913f8f4a58b3435bb9544d13a0d5b53308f8fefb804504f807e7a6380e8c36af8673298b2f4368d2b4089abb24e2e2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    954B

    MD5

    10cfd64f1591c77a3648017d3bc9125a

    SHA1

    1099473181e5a5363b008a02c0a73e49339255e0

    SHA256

    cf0eb9d9c25ebff8688235d5ad0a35219e22e9abc723cb09ea051ea4c1b96743

    SHA512

    453f350eabf8091b3c5317d7a9d0982b97071cc00a597840f38315f0b5ce1400dab4a78f5544e38a654e028df46cf63f2e9c3abf7f2eba2ac11b5fba5ad7ad26

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    b45d725d0ee93fdc3467b2e4cafc755c

    SHA1

    8e81bce146bc2ae4da757dce3d880b837a5381ee

    SHA256

    c3b5a2705aef6bf785bf46915ee0fbc95370f98daf93d41f06537fcd99efcd16

    SHA512

    4baaa00ae994459df0d62a764214da47e3d8a0eab61db6b42b229b781921c81f148fc8b1ae88eef7dd30717cc43b682c006706cdfba5c56f86202f4152afe887

    Download Submit

  • F:\AUTORUN.INF
    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

    Download Submit

  • F:\AutoRun.exe
    Filesize

    7.2MB

    MD5

    8d4c8ff1e3c0929b81020073df656a41

    SHA1

    8b15ade3540f648999e13378c96ed5e42c8ac681

    SHA256

    4f24c1311642003c237780de49f39f46ceb450411490335a8048c36b9198053c

    SHA512

    a9d913b6cbd6badb836d1cc93342c72401b88a57afbda24f1862fd28153bf99276cd3517c441d2792ce332b8a50be2178986d0dc3f122834bd2be931f413dc8a

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    5.2MB

    MD5

    d2542eb94c97a1b5f211a5566b000246

    SHA1

    21e4be8ea8116bc51222e5194f004b4fb5d7eb1e

    SHA256

    b01e966d3db7a545250fa27e23078aac7d95535185ce47b17d91ab7a6be95f87

    SHA512

    496627b3576ea1f0aa1294135910172f301335f43f0737d08061c5b750b1b56c15e056c62af9706c4ff8ec2a1aa549541c883100433087611a89139247ef3bc5

    Download Submit

  • memory/2060-308-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-322-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-74-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-362-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-238-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-348-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-240-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-342-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-250-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-332-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-262-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-268-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-302-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-282-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2060-292-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-251-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-333-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-273-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-303-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-263-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-313-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-293-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-9-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-283-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-323-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-241-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-343-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-239-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-353-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-75-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2716-363-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download