Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Endermanch...om.exe

windows7-x64

10

Endermanch...om.exe

windows10-2004-x64

10

Resubmissions

27/02/2024, 22:24

240227-2bnb3sdb2x 10

27/02/2024, 22:23

240227-2a4mnsda9s 10

27/02/2024, 22:21

240227-19v9xach75 10

27/02/2024, 22:20

240227-186dgsda5s 10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    1.4MB

  • MD5

    63210f8f1dde6c40a7f3643ccf0ff313

  • SHA1

    57edd72391d710d71bead504d44389d0462ccec9

  • SHA256

    2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

  • SHA512

    87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

  • SSDEEP

    12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK

Score
10/10
troldeshpersistenceransomwaretrojanupx

Malware Config

Signatures

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:1908
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\EditGroup.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d916a69eb02c62c5b45e8f4dfc7e22cf

    SHA1

    4b77b688b53143c35307e5f93df6b0ab8e47f9ac

    SHA256

    7859c87e63e993c06eba7372a4329b2de3f94f7826cd49ed53a15b3c0d0d8497

    SHA512

    c13beaec3cd498d4c1595730973568d5dc2402cb99c5c56d884f8da4d376b40c622505589b0123bbfca4a2f64e801acf146dded393adbb54fe2bd118e53cca60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26be33eac2fc6847f0c99045de86b103

    SHA1

    810e3a335e5d2826a564d951a4508f2c3e7d967e

    SHA256

    7741a24ba38110e890138d1425476e6f02baa0a7443552e4f865c4f98905cb02

    SHA512

    80b65e7cf41bb2bbf9e7e23872a1a2f5414a1cde1fe0385c817204ed5bb95328fce64c981f1ff6c35cd967b74dbecb05e2222653f83c1c3ae1054c3cec1ac602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dea02918db88b92c4f95dca5d6ed17e5

    SHA1

    0945e60b047c636dbf6a3f9f39728753c8094034

    SHA256

    33d48daa40aaa7aef87dbec5b3e584cb2307b2d3842cba11eb3c85b97c4bf9c4

    SHA512

    1da5629c7783ee48a54075e904341acf3799b3460147f06be8a8360e0aeed180747f7efdf7fa888a4ff49ed12311945dc057dfbb878bf85b1b616f1bb25ad3c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e7e8c4edcb94d787d40b9c760327d1e

    SHA1

    28f2d4888cbfab0cfc70295be22275d75527860d

    SHA256

    cd11d965caa9e2bb75c33ca002dd50f839de6561e862681500424f353b0bc79e

    SHA512

    993f52f00e9ae2fa54a0a74544b579ef108b288254a41f52039a8028ef601cd9196569c2daf5cd178e0ea5af4b85c0cb262aab49938649249e7ff56eee44b0a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c87ae94a4da138ea943b25bdca1d6a82

    SHA1

    22f28176deedb2306245abefa25e6b1b04da0cbd

    SHA256

    6ccaee14a1b1160224a83e2852e8daa797ca8d21d17de101960775248faad497

    SHA512

    392528817ea1c20b12ecdff0739ef48c1272e12e2dbaaca8a57b549f0940b897c0e7457443c70bec43bf1a480317b2f9a7178877de8e3765da05bf0f1522e054

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    225de1ee9cc135757d8fd3919299a2b9

    SHA1

    d00aa7da837799ea294e6a8bc84d4f343f16fa1d

    SHA256

    fa5264a87143269437682c683e4893bc9748b0a7f498223b70a2e2295ed542f7

    SHA512

    f2b03f8a96877bb872d4b398162b6fa28dc38187d85c58a2ee90895733ee02ae46fc2b9d387ec0200e03488bd8b51bcbb9e3c2f5a369e91a2bf5916eef45de1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac5694f1c33c23200bbf690285d95241

    SHA1

    1b4551e211110fbc4c317eeaa6017bb549a4f4ff

    SHA256

    26dbcef69eb168f0bd63a49cdf1e3e1d46516c5517de70a331f7d654cd243c12

    SHA512

    f5eb0f3610833c09bda05455153e6e9122f563931e67df078d6e861e108cbf4b3ec83f1be31681a4c6dc95818afa013ef49f63e8128733fc10e0099c1242020c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbda45db2c9b03efeedb7fe4ca56b5d4

    SHA1

    0f01a4e36d4f2b10a509b62cec0a5ed456fa2674

    SHA256

    dc387aef34c24fd411ebd2e9afef9fe3c2f17b420573430c3fe6a0aa4f0c35d7

    SHA512

    f23c62d7d82b914e16cae4664a7d44b4624fe0db5031efa6383503b08b9baf67c32752e79d647bc7f383c733a756d23617e28afcc5a87caf592569f5e9a75f79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdf8d3c48a4e2cde2783b845ecf747a1

    SHA1

    dcded10c79d0ee452e5b7475df2495f602cb1fc3

    SHA256

    254c14f73ce139cc4cc8c8c1742fbd623e9906086fdbc6de80c0d4ac8cadd6a8

    SHA512

    1fc75a11051f4a5087d40e764212f333a88d7d4cb6f12b2915c929d0c50c569d37e59630a74fca7f331b3d6078ed93b079c5058a42fcff336bb167693bc712f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ccded9512e2217c06fc0ff26d3b9189

    SHA1

    094411defb9f6845bb44272ef3d1f67f656a634d

    SHA256

    e52f26b280667bdd56841259f3fb2aa546ed07ea038c8619ba4e9ac85fe15965

    SHA512

    4192b4e345b92895f4bf2d8aad12845cfc3715bf6008311079f6a03e3cfa08762b0f5e1bbf91e0e35459db6c5e20210991a09dd4075b42b1d27d2e064f0e8d65

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDEAF.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDFBF.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF14CA951524A60EBD.TMP
    Filesize

    16KB

    MD5

    9dec12962198e228a7270309355ff5ac

    SHA1

    ec7419a9c1851015d4f8ea6dc19814b99d7d5b24

    SHA256

    c0abeb889372c26084da9019ee8a211ace538df9eba85b05594d4ad2a8b9682d

    SHA512

    5eab2016aee6b12637573d0ef3805cddc2e7dacf9aff011ae719dda3b3bfb7638b287cec220e4eb66cd740bb9852fd593b0899532a99352b0962e5045dfa477a

    Download Submit

  • memory/1908-0-0x0000000001E30000-0x0000000001EFE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1908-9-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1908-3-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1908-5-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1908-4-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1908-2-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1908-1-0x0000000000400000-0x00000000005DE000-memory.dmp

    Filesize

    1.9MB

    Download