Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

2d7d75c8e4...0N.exe

windows7-x64

9

2d7d75c8e4...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d7d75c8e438d08dec3e2c179f079ca0N.exe

  • Size

    115KB

  • MD5

    2d7d75c8e438d08dec3e2c179f079ca0

  • SHA1

    81b8824407f9df4d69a70ee52cf301c2081e27e9

  • SHA256

    3e9609fa99f1b1bc98dd31e4a3330ed310e53ecec50a0d53c1715a576a8c24e0

  • SHA512

    daa51f05d91c67bba3bafe1cf610c8e0fd099084e27e47269a2ef67fc6937073344a84f4157f45ad92ae09d542cb35af63c00a2f5d26b1883acc9b39ebc01f2f

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8+zCufTWn1++PJHJXA/OsIZfzc3/Q8+4x:fnyiQSoUurQSos

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (2895) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d7d75c8e438d08dec3e2c179f079ca0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d7d75c8e438d08dec3e2c179f079ca0N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
    Filesize

    115KB

    MD5

    7c8de3d88855e4a9a2abe95a1c3bc9fb

    SHA1

    c3ac7f5148ddb29588366335f1b2996e542a0b9a

    SHA256

    5e228c7730240c054e58bf76c6a7b98a490ac876d0780fc22d941366fd60c763

    SHA512

    c2079db7571ebb2691bcf508d7bbc996f2d760d094894cbf7019c5afc572d2b04d190ca0c1b1369bc843505ba31b581d04a2fb1416a1ab571351dd786108088c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    124KB

    MD5

    7b8976a668fc3c80c7bc420990b5c348

    SHA1

    64b603749c878b79661068e4d56939dcef3b4a8a

    SHA256

    e6376b4afc684b3569f954248c117daf9283b4e313947442242db68763c01bdf

    SHA512

    0275fea015a163b15bffc3b3ca1e29e8617f41bfc792ff10efe2b013a732c2a52e7decdda4f1cabf715d26b84d0023d2ce7ea36a41420d20e8cfb779625d72c3

    Download Submit

  • memory/1056-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1056-654-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download