Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

cd22ba7b10...51.exe

windows7-x64

9

cd22ba7b10...51.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 02:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd22ba7b10df8e85062a4e8df18d345048e30ba3e9fe8b700fd1ae096a45ab51.exe

  • Size

    50KB

  • MD5

    479dbf6afa8e08f8c1361693c1c7836a

  • SHA1

    c4607cbaffba2aa78c44ceedb1dfbf2618e9fd8a

  • SHA256

    cd22ba7b10df8e85062a4e8df18d345048e30ba3e9fe8b700fd1ae096a45ab51

  • SHA512

    ea9f39494316ff9ee289c0f9e0cc6be9d10354efbb570460ef536e07edf13ba7b862254885955407468973dd76cf574e604acb77c0c28489744b97c925c08beb

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUs6iYid:KQSohsUs6iYid

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5034) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd22ba7b10df8e85062a4e8df18d345048e30ba3e9fe8b700fd1ae096a45ab51.exe
    "C:\Users\Admin\AppData\Local\Temp\cd22ba7b10df8e85062a4e8df18d345048e30ba3e9fe8b700fd1ae096a45ab51.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
    Filesize

    51KB

    MD5

    bcb48739cbf7d10f0e74e64bcd99064f

    SHA1

    7c045575b274aa29182feae65360b62941b08762

    SHA256

    5bb9272e9b1c822a4891f70328a9598b287f72876c4b0c4b7f0e06614099ab2c

    SHA512

    27a20d7722198a3e8fca6aac6c0d3132e4a90cca48101c1c413a5d8711b9250ebebbf5d4b24a0ecc7c870a1e264d836fb0769454244a49a55a0552ae4c41c7ee

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    149KB

    MD5

    8df21cd173740c04ea1d54f6e11ea921

    SHA1

    4cb4516f9bff932d345fe91c811b41c4446a8291

    SHA256

    cd494bd40df27530d7539075fffc409040c72bae6c18059088cc12013486c39b

    SHA512

    063e3acf9e9bc5c308006eb495411183150893572af5ec6efa7aceb40b9737c2759b44eb199ab2ab186a20a316d2b7f9269d44ff924a47636f9c930700a50329

    Download Submit

  • memory/3404-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3404-1096-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download