Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-06-09...ny.exe

windows7-x64

7

2024-06-09...ny.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 10:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-09_a2b0b6d36f84acb2050a98e5b47ae204_bkransomware_karagany.exe

  • Size

    677KB

  • MD5

    a2b0b6d36f84acb2050a98e5b47ae204

  • SHA1

    259762b55958655fb16206a947421593d7b7f8ec

  • SHA256

    136418b7e1e9f4a9d30ec01a65f5183daf637e12bb0056a0ea72744d05c3d25e

  • SHA512

    c6bfc48bb3b187d1291def4650f7c14ca8b45616cbbdb66af728cb8ff8af6ee2c1f483d5b73a8651abd10075826ce1028a5065b5eef9499eb76ac8f7a9d739b8

  • SSDEEP

    12288:QvXk1DHUVpyNj3C/Ei9OQSt6uk3zO61zOQJjN6atJ6bVgwtZJzZ:Ek1rUMj3C/Uvw3B8atQVpZJ9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-09_a2b0b6d36f84acb2050a98e5b47ae204_bkransomware_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-09_a2b0b6d36f84acb2050a98e5b47ae204_bkransomware_karagany.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1452
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    f6a5eb7f52d316816dba3a9ba097066c

    SHA1

    2c585acc6ddd7257b737994f1441640f46fd2332

    SHA256

    99ede4dba38d219267e344c040d6c0484f438acac9500922868699cd051a6bfa

    SHA512

    3ff5155eb36e0e2ccb83a5e22297b45990f46263f858a2ab7473b51c5754569527123db899e2260023cbb872dd261d91515c834a94adf41d9272e6392eae2b43

    Download Submit

  • memory/1452-0-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1452-6-0x0000000000310000-0x0000000000377000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1452-1-0x0000000000310000-0x0000000000377000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1452-16-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1736-12-0x0000000100000000-0x00000001000A4000-memory.dmp

    Filesize

    656KB

    Download

  • memory/1736-17-0x0000000100000000-0x00000001000A4000-memory.dmp

    Filesize

    656KB

    Download