Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-03-18...uk.exe

windows7-x64

7

2025-03-18...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18/03/2025, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-18_7e8bef0e5baa023171cb93339e761b86_ryuk.exe

  • Size

    11.8MB

  • MD5

    7e8bef0e5baa023171cb93339e761b86

  • SHA1

    5c2b59771c1e0af962cd6e44ebd008da53b6823d

  • SHA256

    e19d00767aa93ad6e6de89901fe2a2ad389dd3824036ac9a796fdd50723e0707

  • SHA512

    5837eea02955d99ebcb01fe8fe427985bd45d8088e4c8d02bbc348fa1666b9cbc7c7961cfc313e15ab6b85d824fdd0ea278a8369cb626b2844485412d398d486

  • SSDEEP

    196608:pT0OqTXrTaXPA4pzxw9BK+GIgr9onJ5hrZERpyiU8AdZYJERS48RmU/3ZlsPvar:KTXafVxw9BNPi9c5hlERlAdZYygtN3Z1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-18_7e8bef0e5baa023171cb93339e761b86_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-18_7e8bef0e5baa023171cb93339e761b86_ryuk.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Local\Temp\2025-03-18_7e8bef0e5baa023171cb93339e761b86_ryuk.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-03-18_7e8bef0e5baa023171cb93339e761b86_ryuk.exe"
      2⤵
      • Loads dropped DLL
      PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI23042\payload.exe.manifest
    Filesize

    1KB

    MD5

    d67bc153fed4560ceb331087b13dae8c

    SHA1

    bb61d6806e3c5567a335acf38bd2912fa26825aa

    SHA256

    0c66d699d5c7490715774dab9b1a9631dfc47233c35ac952ef58fe9e59105a6a

    SHA512

    dbb67444d9becbdfb6650bea64aa4f2641b66188a690faa4535359faefd25291fd3646a05c87536446af239a8dfdbcc8f453b1b398697bc4dcdb517955e2cb7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI23042\python39.dll
    Filesize

    4.3MB

    MD5

    11c051f93c922d6b6b4829772f27a5be

    SHA1

    42fbdf3403a4bc3d46d348ca37a9f835e073d440

    SHA256

    0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

    SHA512

    1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

    Download Submit