Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 20/06/2024, 12:41
Static task static1: 1 signature
Behavioral task behavioral1
Sample: 2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Resource: win7-20240611-en
3 signatures
150 seconds
General
Target: 2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Size: 1.9MB
MD5: dd764c529d2c276b6b0dfc6703c93fe1
SHA1: 811fd5ff62b8f99b59f7884a8d0087e77b96d369
SHA256: f2efe14cfaae0ca084d9226b80e9db293a02fd44c3e89580aaeeda069b8e39e2
SHA512: cf54c861a59f0256d6f96a3ac1215888330386e52d7cdca6fb9501e01e8616d119562c9b865b21eb6a8796c8c23a4e3ddba44206d5727f3c52e2ffebc482c414
SSDEEP: 24576:x2lmz4RPgXe4i7ojhsP5Lgrk1TWb4AN5:x2Mz4RGe30jaNf1TWbdz
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\System32\alg.exe
  process: 2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeTakeOwnershipPrivilege
  pid: 2404
  process: 2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 2404 (3 occurrences)
  process: 2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-20_dd764c529d2c276b6b0dfc6703c93fe1_bkransomware.exe"
  PID: 2404
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx