Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-11-07...uk.exe

windows7-x64

1

2024-11-07...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-07_cdaa83e8fda8718deb7197cea179dce2_ryuk.exe

  • Size

    3.6MB

  • MD5

    cdaa83e8fda8718deb7197cea179dce2

  • SHA1

    6339315b355537a70fcb30a611350eeda12e04e1

  • SHA256

    f80085e505e9cec02266687e45f20d7d6f73bf95978921f375bb37cac9745cf1

  • SHA512

    33b88fad8fd5b6eee84f9428c002347f6bbdf6a210fdeca49ef4180b8b09d4f772f3041d21e915667d4d57331b76a6966974f8d489d759134b5231be6675d6b5

  • SSDEEP

    49152:FByPnIVm7J9wCG7cpcXfUx9oh1P9ea0wHlcjKLrD:p

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-07_cdaa83e8fda8718deb7197cea179dce2_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-07_cdaa83e8fda8718deb7197cea179dce2_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\2024-11-07_cdaa83e8fda8718deb7197cea179dce2_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-11-07_cdaa83e8fda8718deb7197cea179dce2_ryuk.exe
      2⤵
        PID:1808

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads