Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

626622d41e...f0.exe

windows7-x64

9

626622d41e...f0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/05/2024, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    626622d41ed6001c0c92bb2f9cbfaecacdd04a743901e94988491e0e69e97af0.exe

  • Size

    2.4MB

  • MD5

    7754a92908a633a0f2287abfb427bfdd

  • SHA1

    bba8c6c4d71102ac2391a09241c05ac7171544c5

  • SHA256

    626622d41ed6001c0c92bb2f9cbfaecacdd04a743901e94988491e0e69e97af0

  • SHA512

    5919afa41189b70ab2cf8e6c89e456673ae1c41b64cc8ef8087071c1ff03420666231d278f9a7fde64437f7a1b9154b9a37214d7c8228de01fadc654c21ae472

  • SSDEEP

    24576:AItTItD4aFEDgI5hihF6cLYlrV+UdQBVmJzwc5uxVJ32E8p0cESYSV7fs4cNbxHT:AWBTRzroUdQBVmJzn5+j9lsNG7aFBo

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (228) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\626622d41ed6001c0c92bb2f9cbfaecacdd04a743901e94988491e0e69e97af0.exe
    "C:\Users\Admin\AppData\Local\Temp\626622d41ed6001c0c92bb2f9cbfaecacdd04a743901e94988491e0e69e97af0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
    Filesize

    2.4MB

    MD5

    cbec8e9bc05598c116cb1578b6a107c2

    SHA1

    1fd2ddbffe9da6bb19d5cb0adeea9badb8b7a68e

    SHA256

    07642962e28e979d2d0dcf5be522ab7a2702a07832860119e0de54a63909a361

    SHA512

    94c5678b9db17a020bd854c887f6878ca0179b35327a66e0beac18e7dfa765d8ddc458f9a1bed7748535838eb5736b7c7c0dea4ad36e825bc786557427da35b4

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    2.4MB

    MD5

    1924880865cb9c6e6a30cef2d9b171dd

    SHA1

    8073669277dac95ff142c0146a9947b0f0f823bd

    SHA256

    13605bf3d16698caee6dfae714268a371642a50e7d90d961ba8f330290c9e041

    SHA512

    daedc503b3603d80656b7e1811c6fa4b10338223d06702e3cfe4469a448e3b4fcaecb1212da20c1de839860a299dfe99b0b6a1c60676082e94d406f4be6d96fa

    Download Submit

  • memory/2024-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2024-130-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download