Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

5dcc11022d...ef.exe

windows7-x64

9

5dcc11022d...ef.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe

  • Size

    244KB

  • MD5

    c24389c33bcba5c0affa69178c80feca

  • SHA1

    ae2fa95372bb4d5f2d108b01d3fae5f8e5cbc4fc

  • SHA256

    5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef

  • SHA512

    616a8f1767605d43d08c53ad622d3838caefc38c5f41da774858d1574a2b1cf441e42e32fb2cd5888c7bb0ed20bb29de5c8d83dc80a425cf3e37b2c31e090821

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ke+eDJ2iaNSCKSkl3U73PU

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (2850) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe
    "C:\Users\Admin\AppData\Local\Temp\5dcc11022dcef28b32f6072fe2cf3243219898c05ed0944425e8851de07829ef.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
    Filesize

    244KB

    MD5

    de34c02867e998b18c7cf0369353d5c7

    SHA1

    b1462c020a81913b08c094c7563992cbca3a5a40

    SHA256

    e4aae41228c63106e01a8c16b591f6ad8bd5c2714c150ae09f56f7bbc49f9fec

    SHA512

    5ff80548b2dfa2dafcdd1711d88dbbf04984d9b5c0cab1d0eec455ae82b49da2e38a25cc1e4390624b60ed1361d9e982c62628ef8da64872b429a7504de00f39

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    253KB

    MD5

    2f09e06a21d667635046fa1a41b5fef3

    SHA1

    30be08c85a3df57b21d9ac0f044870df88bdcd7c

    SHA256

    7e72d0cf51470e599d45b19842485ab78fe4e3191b59343c51a09db0cb528910

    SHA512

    af1f3a1e4a5f7668ea06918f7dd81d2df89bd8c8afb038f9a7b4c2995e2c219a48ab3da8f7b98f30d60a0d13d257b27f2531402ef9e8ca31c5f4ad09503c28ce

    Download Submit