
Resubmissions

  • 27/11/2024, 13:27: 241127-qqdkmsvnhz (score 10)
  • 27/11/2024, 09:28: 241127-lfrx3atrgr (score 10)

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2024, 09:28

General

  • Target

    09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe

  • Size

    765KB

  • MD5

    500ef53924b722ddb43632b0dd9070c9

  • SHA1

    daf44813ae7f0792ccb3640cd4c700193daf6cf4

  • SHA256

    09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11

  • SHA512

    f7ace2a8e018ef576e98221b60ac9e99477b2e5ef7f323147c9f90c3f9a1639cd778eca4558491a2c4217001d52377fa8ec5ac2732ee362221c34c69c7610216

  • SSDEEP

    12288:Xl26S0vAcB+UwoVSidDHeeIJoCnVRWJvdKLv8S2cZtWkHCmTBQk9TfXX4Jy0Ro0Y:VlS2jgvkTee8VRWJVKLvR2cbWaHTPXqy

Malware Config

Signatures

  • Renames multiple (3024) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe (PID 1556, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe"
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Users\Admin\AppData\Local\Adobe\Acrobat\11.0\Cache\conhost.exe (PID 2388, depth 2)
      Command line: "C:\Users\Admin\AppData\Local\Adobe\Acrobat\11.0\Cache\conhost.exe" C:\Users\Admin\AppData\Local\Temp\09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11.exe
      • Deletes itself
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.exe

    Filesize

    809KB

    MD5

    80c8b0e36ef420a1a816c37f882ac33c

    SHA1

    e63c8db1653747a545de22550cfadf5e11396cc7

    SHA256

    cab706180bc0fa8c74b62fc4b0b1c01da3d3d3ab1b44212774911a050a2ec422

    SHA512

    ee8571aec61022d6c55e9ab14fc9e0cb8906832671ae3ebf1346b7b18fa53586e9834ffa947f0c0404d1ba5174c4895599730e49b82fbe1e85962eed78f474bd

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.exe

    Filesize

    160B

    MD5

    b8658f1969749bf10f92d766534f9e57

    SHA1

    a0ca1615014c54ce64a3e663e64b4b4dbdc3e73c

    SHA256

    65d261cda5e626a51ddebc95cef46cc89d70bbc6788eecd30ea6ed9ed57f0c09

    SHA512

    27540cd85d0795b9e6b7786ff62d16587c2ffec1c8ef49f50d473fbf5306d3ec8162758592341c400570df93e38e93ec1ddf5e42851de680b9f327956e4b725c

  • C:\Users\Admin\AppData\Local\Adobe\Acrobat\11.0\Cache\conhost.exe

    Filesize

    765KB

    MD5

    500ef53924b722ddb43632b0dd9070c9

    SHA1

    daf44813ae7f0792ccb3640cd4c700193daf6cf4

    SHA256

    09bfd15145c9d8e39f99d3dfe98337a8c488dc334dfe195d27bdeb5b2459fd11

    SHA512

    f7ace2a8e018ef576e98221b60ac9e99477b2e5ef7f323147c9f90c3f9a1639cd778eca4558491a2c4217001d52377fa8ec5ac2732ee362221c34c69c7610216

  • C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\L7XNHY48\desktop.ini.exe

    Filesize

    80B

    MD5

    fd4e88571fbaf0ccecdc4123f8be390e

    SHA1

    09c3309f91041bae389ce66145ffd8f1a7ab4f43

    SHA256

    54e61521e019af817c792629b05f59a8a0bea2dc1c46c479f084b10aaa131c03

    SHA512

    4c04872371ec8254a93c128e2eb287bd1a8670ebddf3902fe87e658a0c85e8c1dee6b79dc1afe6d5cd2b19442664b6f8087fc3821a18bc58c377593976000d14

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.exe

    Filesize

    16B

    MD5

    27dffbdb5818d4b8680c5d22680dd1c9

    SHA1

    78b83c5951f973fd85e7cc22adf1a549de0348f0

    SHA256

    489f323b35b1be9f94e4d81ea799073fbc4fd8a1a6cd4623fc42c2d4d2555e76

    SHA512

    dff968a9e309367278464273a7d94ff71fde955204e3f8776ed5159344593f0aad57eb22e3b91ff4a6db33cf0d8e085bdf613099696784efc03d8b5474b1bc05

  • memory/1556-1-0x0000000000190000-0x0000000000256000-memory.dmp

    Filesize

    792KB

  • memory/1556-0-0x000007FEF5833000-0x000007FEF5834000-memory.dmp

    Filesize

    4KB

  • memory/2388-9-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-448-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-447-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-10-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-8-0x00000000011D0000-0x0000000001296000-memory.dmp

    Filesize

    792KB

  • memory/2388-3044-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-3047-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-3049-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

  • memory/2388-3050-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB