Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

f1a01868ca...70.exe

windows7-x64

9

f1a01868ca...70.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/05/2024, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1a01868ca93625d2d67bf4c06052f81e2052e8b0ae93004a68e01b944124e70.exe

  • Size

    89KB

  • MD5

    93cd221dda3847316ac1a1405dd53de5

  • SHA1

    e8e47e9650f94c2b9d8d86d4654057249c358c80

  • SHA256

    f1a01868ca93625d2d67bf4c06052f81e2052e8b0ae93004a68e01b944124e70

  • SHA512

    1e95472ed3f692f8abf2ff0d8439219d4a2a48cf29cd3051e056245f09513d5526983f33087970146a34b11d88757b0ddc307c43eb124b1ba338143bc5b429d0

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPq6:6rWpcOPxPke+e3fFpsJOfFpsJbgEx

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3487) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1a01868ca93625d2d67bf4c06052f81e2052e8b0ae93004a68e01b944124e70.exe
    "C:\Users\Admin\AppData\Local\Temp\f1a01868ca93625d2d67bf4c06052f81e2052e8b0ae93004a68e01b944124e70.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    90KB

    MD5

    d602fef84ba9eba6f88dbbde404ea2fe

    SHA1

    31a4e6e6ba05f798c263b3d64424a991e4007628

    SHA256

    59425c8a003b10161c025828e7f6d3b8a46ff02ab978ffc3399ff2d6bb8c2d2e

    SHA512

    d48cf60c8ba467d836da17f6482f6b4447cce81dd7cfb8090b1379de517e22d861c774b9a1cd3524e8d248ac70fb0afeacc8c6cffbd130741d27a8d46fd7245c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    99KB

    MD5

    f771354c89a13f81c8616bd8f9e2dab8

    SHA1

    3520ffba9a6bb6aee838b3c8c35440e7bb8f7330

    SHA256

    8e83af66e78301ffd25760001445b21b87c322224d2520e3096e5cc0a0953700

    SHA512

    533e0ce23618d19b682d3cfa504aee1b150bed46a9090e36bdd9387aa05398b7748816d0d2a5a528075be4ccc56b8524ae771e8745f44bb79da4ba9eb2d04273

    Download Submit