Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

099262b36c...e1.exe

windows7-x64

9

099262b36c...e1.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    099262b36c3beb9e49eafefdf4eb537969ff759546782e52c9dcddcd7b94ace1.exe

  • Size

    45KB

  • MD5

    f98a261cfca6f109066daa5626a39a0e

  • SHA1

    337a63bd15ecf686a8f20d38ec741c5c12f1def0

  • SHA256

    099262b36c3beb9e49eafefdf4eb537969ff759546782e52c9dcddcd7b94ace1

  • SHA512

    9fff428a38708224c4e92a8cb9abe21f449353cfabeecf0294dc69d35c75b92dbae9b9bc08c4a7206a1c990e40e2272cb37eeb35eebfd2647b531c5e89235492

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIO:CTWn1++PJHJXA/OsIZfzc3/Q8PxF

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5125) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099262b36c3beb9e49eafefdf4eb537969ff759546782e52c9dcddcd7b94ace1.exe
    "C:\Users\Admin\AppData\Local\Temp\099262b36c3beb9e49eafefdf4eb537969ff759546782e52c9dcddcd7b94ace1.exe"
    1⤵
    • Drops file in Program Files directory
    PID:116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
    Filesize

    45KB

    MD5

    3c9f4c48343fe064bfe53bcf0a66720c

    SHA1

    ca9911353d6dd559f2cb64252b1799899449cb71

    SHA256

    b4998e8e01d0de8b1dee7a3ac20fc814fc26f7d6dd1be26ef8fc9e42cebaa7c5

    SHA512

    35f9497448950fce916efdc79a35eff34e7c76feece13d1ec4d9c6940e42ceb00d89fe00594c02022fe1677d25c0ffcf2e85c3c94415f9bf418ac6dfbe79f66d

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    144KB

    MD5

    c450cb05a9e257ab148752119c5047dc

    SHA1

    bae5b7c79ab00f7dc0c2e4b1b64c875a84f3958a

    SHA256

    4910c06d6474ce78c029f9f7620ff270bf031a910ed026cf70c30525a742614a

    SHA512

    780f4afd415a34dd4e5f0d8677a22647a59a02487b659106f71008c0c094810e1ff2622d76ced5f9e2e3ffd9a98fd7803d633ab415b4f0a4674781bdb0ddab20

    Download Submit

  • memory/116-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/116-1146-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download