
Resubmissions

05/07/2024, 22:36

240705-2jc63szgkb 9

30/06/2024, 23:59

240630-31zxvashpn 9

30/06/2024, 23:55

240630-3ym59sshjn 10

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/06/2024, 23:55

General

  • Target

    899f9eb14b629b413d8fa84dcc1653fa2477e8fa4e4f119cd02dab78f9e7a10c.exe

  • Size

    90KB

  • MD5

    6222154957fbf89f273719c001f82a6c

  • SHA1

    14a13a772f654c8d46de97e56db3e75ffaeb86fd

  • SHA256

    899f9eb14b629b413d8fa84dcc1653fa2477e8fa4e4f119cd02dab78f9e7a10c

  • SHA512

    6bf4e345f1ac322a7fab6beca852765ac369b7bffd6007b272aa5458f4c354804f891a4aa5d22c4fef60dbb5e0e5eb37645bfe98413f4de91b8e925294d13af0

  • SSDEEP

    1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8VCnXxX81jmQJHdJHr0GUykUyN:enaypQSoPXxXTke

Score
9/10

Malware Config

Signatures

  • Renames multiple (3443) files with added filename extension

    This is characteristic of ransomware: files across the system are encrypted and renamed with an appended extension.

  • UPX dump on OEP (original entry point) 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 64 IoCs
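The "renames multiple files with added filename extension" signature above is a volume heuristic over file-system events. The following is an added example of how such a detection can be written, not tria.ge's own signature logic: rename events are grouped by process and by the suffix appended to the original name, and a group is reported once it crosses a threshold. The events, the process IDs, the ".locked" extension and the threshold of 100 are all constructed for the example; the report does not state which extension this sample appends or at what count the sandbox signature fires.

```python
import ntpath
from collections import Counter, defaultdict


def added_extension(src, dst):
    """If dst is src with one extra '.ext' appended (same directory), return that
    suffix lower-cased; otherwise None. A changed extension (a.tmp -> a.txt) is
    not an 'added' extension and is ignored."""
    src_dir, src_name = ntpath.split(src)   # ntpath handles Windows paths on any host
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.lower().startswith(src_name.lower()):
        return None
    suffix = dst_name[len(src_name):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None
    return suffix.lower()


def detect_mass_rename(events, threshold=100):
    """Group rename events by (pid, appended extension) and report every group
    whose size reaches the threshold, largest first."""
    counts = Counter()
    examples = defaultdict(list)
    for ev in events:
        if ev.get("op") != "rename":
            continue
        ext = added_extension(ev["src"], ev["dst"])
        if ext is None:
            continue
        key = (ev["pid"], ext)
        counts[key] += 1
        if len(examples[key]) < 3:           # keep a few sample paths for the analyst
            examples[key].append(ev["dst"])
    return sorted(
        ({"pid": pid, "extension": ext, "count": n, "examples": examples[(pid, ext)]}
         for (pid, ext), n in counts.items() if n >= threshold),
        key=lambda hit: -hit["count"])


def constructed_events():
    """Constructed sample events (not taken from the report): a hypothetical
    process 4711 appending '.locked' to 120 documents, a hypothetical backup tool
    (pid 1200) appending '.bak' to 5 files, one extension change, one plain write."""
    events = []
    for i in range(120):
        src = rf"C:\Users\Admin\Documents\report{i:03d}.docx"
        events.append({"pid": 4711, "op": "rename", "src": src, "dst": src + ".locked"})
    for i in range(5):
        src = rf"C:\Users\Admin\Desktop\notes{i}.txt"
        events.append({"pid": 1200, "op": "rename", "src": src, "dst": src + ".bak"})
    events.append({"pid": 4711, "op": "rename",
                   "src": r"C:\Users\Admin\AppData\Local\Temp\stage.tmp",
                   "dst": r"C:\Users\Admin\AppData\Local\Temp\stage.dll"})
    events.append({"pid": 4711, "op": "write", "src": "", "dst": r"C:\Users\Admin\README.txt"})
    return events


if __name__ == "__main__":
    for hit in detect_mass_rename(constructed_events()):
        print(f"pid {hit['pid']} appended {hit['extension']} to {hit['count']} files, "
              f"e.g. {hit['examples'][0]}")
```

Keying on the appended suffix rather than on "many renames" alone is what separates an encryptor from a backup or build tool; in production the same grouping would also be bounded by a time window and exclude directories the process legitimately owns.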

Processes

  • C:\Users\Admin\AppData\Local\Temp\899f9eb14b629b413d8fa84dcc1653fa2477e8fa4e4f119cd02dab78f9e7a10c.exe
    "C:\Users\Admin\AppData\Local\Temp\899f9eb14b629b413d8fa84dcc1653fa2477e8fa4e4f119cd02dab78f9e7a10c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3952
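The two UPX signatures in the Signatures section rest on static traits of a UPX-packed PE: section names of the form UPX0/UPX1, a first section that occupies memory but has no raw data on disk (the unpacker fills it at runtime), and the "UPX!" marker UPX writes into the file. The block below is an added example of checking those traits by hand; it is not the sandbox's detection code. It builds a minimal PE image in memory (constructed test data, not the sample from this report) so it runs offline, then parses the section table and scores the indicators. Any of these traits can be stripped by a modified UPX, which is why the verdict distinguishes a full match from partial evidence.

```python
import struct


def build_minimal_pe(section_names, tail=b""):
    """Constructed test data, not a real binary: a minimal PE image with only the
    fields the parser reads (DOS header, PE signature, COFF header, zero-filled
    PE32 optional header, section table) plus an optional trailing byte string."""
    pe_off = 0x40
    dos = bytearray(b"MZ" + b"\x00" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)          # e_lfanew -> PE header
    opt_size = 0xE0                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    sections = b""
    for i, name in enumerate(section_names):
        raw_size = 0 if name.upper() == "UPX0" else 0x200   # UPX0 has no data on disk
        sections += struct.pack("<8sIIIIIIHHI",
                                name.encode("ascii").ljust(8, b"\x00"),
                                0x1000, 0x1000 * (i + 1), raw_size, 0x400 + 0x200 * i,
                                0, 0, 0, 0, 0xE0000020)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + sections + tail


def pe_sections(data):
    """Parse the PE section table; returns [(name, virtual_size, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 4 + 20 + opt_size                  # section headers follow the optional header
    out = []
    for i in range(num_sections):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rsize))
    return out


def upx_indicators(data):
    """Static UPX heuristics: UPX* section names, an empty-on-disk first section
    and the 'UPX!' marker. Full match -> upx_packed; partial -> possible_upx."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    marker = b"UPX!" in data
    if upx_names and (marker or empty_first):
        verdict = "upx_packed"
    elif upx_names or marker or empty_first:
        verdict = "possible_upx"
    else:
        verdict = "no_upx_indicators"
    return {"sections": names, "upx_sections": upx_names,
            "empty_first_section": empty_first, "upx_marker": marker, "verdict": verdict}


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], tail=b"UPX!")
    print(upx_indicators(sample))
```

To apply this to a real file, pass `open(path, "rb").read()` to `upx_indicators`; a "UPX dump on OEP" like the one reported above is what you would take after the unpacker stub has run, since the static indicators say nothing about the payload itself.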

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

    Filesize

    90KB

    MD5

    da9cf5fd5fe16bab00d7ac82b494dae9

    SHA1

    5852b37a34ab6881c972510e274a905cdbb0aca5

    SHA256

    a768e678a4d83949c61836114a00494db1c2653b3e842bb6e6a1fa778d3ee9bc

    SHA512

    44a8eab9083a8a2399d84e1cfb77d6be81d8bf74a17f2ce919bea39093e8d6e32fa87d94e7d1062a111f3c9fe5dc77727217a504f02fa04ca0daf8911e2b4d58

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    189KB

    MD5

    98d6499d91e3afe25374fa3b53c5af9b

    SHA1

    d6747ed98d367a8a28d9df10e300ebc1d9e40440

    SHA256

    2d67cc3317327d72c590207904f151e081cf3331cc9e4b3e878116d913cdaa3e

    SHA512

    f9ee5415f599ac4e0edeaca30d2d677203df552ac7276c038a2d0dcfb9ff2f316c7261deb4ce61cc1b000da13aeebfbd8905739fec4bd106023b6bbbb54720c8

  • memory/3952-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3952-1248-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB