Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

3fabe631e7...5e.exe

windows7-x64

9

3fabe631e7...5e.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe

  • Size

    98KB

  • MD5

    b926d57077973c9d90f38c71828d3597

  • SHA1

    a2cb439a57e5f0cc68c143bff1637faa6226bac6

  • SHA256

    3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e

  • SHA512

    ea456b54b1648bd7d9d1998a7b115bf731cdcafce4bb1fa9f248fbcefd5198ce6b6612530f64018ab90a8cecd4511bbe4c74058ea63c7a8beff51696b0460c56

  • SSDEEP

    3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7jYk:tFPxPke+eIt

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3436) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe
    "C:\Users\Admin\AppData\Local\Temp\3fabe631e720b90b8d2480b2d7fae63a6b12574f6d22e8ea81b5eda8902a865e.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize

    98KB

    MD5

    df51eb4f4205e5bad6c157f0e27da2cc

    SHA1

    2cd4a429d2f0a8af8006c1789f452f354b552516

    SHA256

    fddad9cf163d32cd425cc66c8756821d828e99905824edb534443bbf22acf16a

    SHA512

    193a1fcb4082e2ae8559a824e25b376b227aa76148544fbf8bc07b871493657b2b8a184214846182f614933e621548cc7eb6ea7fd7545d970c62afa25fbfa521

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    107KB

    MD5

    5950ee4f59a4b143ee79c587897a628b

    SHA1

    317d13859533876b6db27bb7f82d2ff5d5e2beac

    SHA256

    df942902e3ce0b4deb96ede2c8490d5cecb92c4cbb8a5e94695b4bb38b737e29

    SHA512

    ba82509ff29033bc671587b0ccc1bcbbe19c0733c1323db1adf3b65e7454b6d78eaf65cde3c6134d90d62b1e8dc159bb4ad4308c527758761402dca4e558fbea

    Download Submit