Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

6966c64e18...0N.exe

windows7-x64

9

6966c64e18...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6966c64e183106a2aa1e82d2912e5c40N.exe

  • Size

    122KB

  • MD5

    6966c64e183106a2aa1e82d2912e5c40

  • SHA1

    07d95b5bb89d71e97f88865bac010e2daef72ce2

  • SHA256

    d91f8b9eddcf66d0268b83e49a4117c2b27b3ca1c74b005516ce514214adea8e

  • SHA512

    79a8380c920750a83634597d4e91b26d0538e47b831fbc57970fb5103b83d8b9098876e113b694c6c057a71d7c71e0ed7000082a64872b4eb3122d6cf5360da9

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxmTWn1++PJHJXA/OsIZfzc3/Q8zx7:fnyiQSo7QSoG

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (2936) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6966c64e183106a2aa1e82d2912e5c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\6966c64e183106a2aa1e82d2912e5c40N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
    Filesize

    123KB

    MD5

    26e361609a350fdb7c8d31e86c5a6738

    SHA1

    af2b07b54b60d922a32e9d57d134476c4c4e424d

    SHA256

    a6759f69d8e74302233fa019e53622ac6a3c8ac69f272eed32d1f5e921673d51

    SHA512

    1008850191cbe1a40ca0a29f0c0b820c655d787aa666bb6223f365c0f097c705415c3758156e11e1581684efe248a5b1b279abf5b8ad0988726a6787b0be7945

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    131KB

    MD5

    ae8410bb1bc51f0f193199e065d146a7

    SHA1

    75084d89eed3d8f6a95039e8e8fe2cb11195f705

    SHA256

    fd4668f370697e9fd64374569acb13b2bc7daac6767af41d3e72694cffdac3a8

    SHA512

    ab1d46eb2caf7f9079c80028289c2e44e61cdaf5cf3ca56096f092305db6f33090bcbb67501027675298519373b0557fa2067f76a0c0519b190d0f3aca6e3b6b

    Download Submit

  • memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2112-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download