Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

a2a31091ff...2b.exe

windows7-x64

9

a2a31091ff...2b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe

  • Size

    165KB

  • MD5

    82aa132a94d3d8439cdd950fefa887df

  • SHA1

    13a3ad819ede8226df4184f120f2c1dee3349c4d

  • SHA256

    a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b

  • SHA512

    43eafc0a9faa87d6c587211cfe5dd54e3ab752e94f5cd16d2ebaf22442727d0eca2addbd0cfeaacd3701e22fbe120c104990e2ef511c80a0c8d3ba860eb07417

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJBn:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuX

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4684) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
    "C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
    Filesize

    166KB

    MD5

    f501eea108fa2b8c222a3d8bf621b35c

    SHA1

    8e73f1cd50404308a006c456d6b5735de33b15ba

    SHA256

    dff62c726af43229a668130b57435a85d79ba6b676a1219ed6af2e2f4831d2aa

    SHA512

    d6d2b013d57b452b53f3c19c540d2bb2bad9b016a827480dd935f598e805adfe435e5930f17545fcbfa6433bfbc1b88b0b33587b9033c35511d07c9e38577c3a

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    264KB

    MD5

    9073ce1a33fcb568bf1dd2791794d883

    SHA1

    c356475d0cb5086be304469f47a361fc574e43e0

    SHA256

    bace856dc83a37d28b7a244f48ec4b41af0e7ab01c2b468315ab5a5fcfa08e52

    SHA512

    d58be9707c7832f2d1be346eead1a38f50a00f134058d843d3ef2bd731a0e9f5451e4cbafe25ceb71bb17606deaf5d976b4c73cd7101f046093229f2385777e9

    Download Submit

  • memory/4040-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4040-856-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download