Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2d53a70315...36.exe

windows7-x64

9

2d53a70315...36.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/04/2024, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe

  • Size

    107KB

  • MD5

    95471ab4674083fc00dc5a8a8a9a378f

  • SHA1

    1aff225fec372a7fbf0caf582b2e9eaee81632a0

  • SHA256

    2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336

  • SHA512

    921b53431e582ff3174c0425603c1abb12407986372f7a1aa071d1ee67ee1343c94cb5c5ea0822445e154cf52c65f4375d47f4ce9ab2d66583dff4b3372cd5e6

  • SSDEEP

    1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOP:hfAIuZAIuYSMjoqtMHfhfE

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4932) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
    "C:\Users\Admin\AppData\Local\Temp\2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe"
    1⤵
    • Drops file in Program Files directory
    PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp
    Filesize

    107KB

    MD5

    1d03807f637dcb1b9fe0339c672625fe

    SHA1

    22ea083b33c10561547f84c4016ae466538ae19c

    SHA256

    0dccdbc03f53a6ae9f8dd5142b1ae970021d0725dacf01ac48308bcc2c6e9d08

    SHA512

    1db386a4a3dd1d8591d35f0da01ce7245216d62a20a9dd422ac9f0bcda16936603f377b9be606e1668810078c66e96cd6bfd5c20c98dfde82f0b89aba65bf12a

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    206KB

    MD5

    9c0a3cc1667ff71330eb64c85d21398f

    SHA1

    cc292e2e40bdf7069206fbca30263319a7d67be0

    SHA256

    6a0d149c0a4e1d84d319e261a3b262eba99a8c81012cf321c7d9cf75636664c4

    SHA512

    611e0b7a2b5b8e8e048f6d90e2fa8695c5401055fa3f22b7377be2ba6546ffc72887cdb2bbddf2c3ebf2246058d3300818afa1d66b08252c42d27e0459a91170

    Download Submit

  • memory/396-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/396-798-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download