Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

4b54555da7...ae.exe

windows7-x64

9

4b54555da7...ae.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 21:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe

  • Size

    129KB

  • MD5

    718eb09a1c4ed55452049cce8c1dcf9c

  • SHA1

    f191473b2c6ffc85f2f8637ab580c242341f218a

  • SHA256

    4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae

  • SHA512

    8259c6b5913422a70c1d96e8914fea37c2b583f7f38e42be243225126036223475e472316ac3ec8fc50797f28886acdc13032f6de9de2735a7f2f3ad6a4f8910

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSA:enaym3AIuZAIuYSMjoqtMHfhfK

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3447) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
    "C:\Users\Admin\AppData\Local\Temp\4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
    Filesize

    129KB

    MD5

    d00ded6cba9d4ca13a9a54f0b2e621c5

    SHA1

    edb3f094f4925f4e81d7dda92f1b2f1d84d5c2aa

    SHA256

    064a0a29b772cef8f32f18b07fc65fd5e3b6b60b7082c9f1caa561a18ab1d1a0

    SHA512

    0379637ea6a326793bfd744fa9222e1dbec5ba17b9f18c167fe3f25c159573dbb0c81132a60e7dc078299d50e6b6a7a1d4b441c1fa12431c52243a2e8fb4cf67

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    138KB

    MD5

    b3bbd6a7a2706113d140c6b699f9528f

    SHA1

    40ab6a50cb3948e448319436a272fbc9afec45f9

    SHA256

    2bdf38524705265da79186f6e711db2b00becf0ac374402636e0ec4a7a48b2e3

    SHA512

    60ad20352c48c9ce3d22740c0c9069fd0ba143bde8424891737bfcafcecc09f1608c94ac18a9d68a1a030fefd5b1a1c5c30e13283fc4f5239be100fab6cbeb75

    Download Submit

  • memory/1628-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1628-650-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.