Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
17/01/2025, 16:14
General
-
Target
21bc5877d08935468c28c7361a7c38c40f98ed1782af6ba49e1a916046ae5706.exe
-
Size
240KB
-
MD5
fb1caeec84e0c4438963ce0fb133278d
-
SHA1
2884cf44f8241a427a61ab7c54842e78a8b5b609
-
SHA256
21bc5877d08935468c28c7361a7c38c40f98ed1782af6ba49e1a916046ae5706
-
SHA512
c55e0b640d3601f2b4d897599619796153e7007bdbd64a8455fd035ad787870bf2b8bde68a15dec40a4a24c0be8fc97790d125f9ab56b05ee3001679982ef997
-
SSDEEP
6144:0haKwdeU7LyrC6pnv445VEXs5kzlu/e7QCsXqB:0hydeUvEpbQsx/eMvqB
Score
10/10
Malware Config
Signatures
-
GandCrab payload 4 IoCs
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Gandcrab family
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21bc5877d08935468c28c7361a7c38c40f98ed1782af6ba49e1a916046ae5706.exe"C:\Users\Admin\AppData\Local\Temp\21bc5877d08935468c28c7361a7c38c40f98ed1782af6ba49e1a916046ae5706.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD5fc807cca56c0920e6c0e8036d22fbc61
SHA15d2189f4c501f40dfe09365e2242b0932263f043
SHA2564e4aaff6eabcb85f2f4b5cd624073281b988c2c2605343cc06dcff08ef1baf1a
SHA512cd002ba320c564d221779bb2da246affc3f17fb28e26266173a85ef480a1e486caf2fec4a17fe61841354cb1de3f0c8ad605f87f3851bae15a0515e657002a46
-
Filesize
108KB
-
Filesize
176KB
-
Filesize
92KB
-
Filesize
308KB
-
Filesize
308KB
-
Filesize
108KB
-
Filesize
176KB