Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

xd.jpg

windows7-x64

3

xd.jpg

windows10-2004-x64

1

Resubmissions

12/03/2025, 19:52

250312-ylj6ma1wbt 10

12/03/2025, 19:49

250312-yjp9vssps6 3

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2025, 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xd.jpg

  • Size

    142KB

  • MD5

    11bae8eff2fe0776d74dc9bfac3780e1

  • SHA1

    ae5a7ad8813d802a821687098696ca0768ca597f

  • SHA256

    1aa677b16d7c9d06cdb7a94f454f4616f6814a6d07ca91485ca3ce549e204a97

  • SHA512

    5543450f3fb52c88b86b15105d3ee8ce50dbcaf3b14ecfdffc666cbf0d933c02167d6d04933693f205368853027f7c1a0f013d4c1cb07f30da3c1fd1d11c1767

  • SSDEEP

    3072:VMSgJeb5J5EsbRyaFX1VacpAqoOSr1zkhKmF/g6EYrmhXCsG1QC8:ySgE1J5EsbRyaFX17TrSr1zc/IysG1Q7

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\xd.jpg"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3732
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:2556
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DEWD.txt
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:3160

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads