Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

4f69ee5bf6...0N.exe

windows7-x64

9

4f69ee5bf6...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f69ee5bf6556c3f1e7fd2ef3f8d4d90N.exe

  • Size

    22KB

  • MD5

    4f69ee5bf6556c3f1e7fd2ef3f8d4d90

  • SHA1

    f31bbd0450ef224e52fb31c81ca2fc8b67e417bf

  • SHA256

    72a95617026a285bbfbf581bb38339cec39f77c916db71de19301d600fbdf1cf

  • SHA512

    09f1f362e677a912da18bc4b4bb0007c0b34749eb8ea39ee142f6879ab5dbdfe90caa496dd338314006392cd156ba330412aa63b8dd2ce94583d8b2877d301b8

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJblDZblDZaOpeOpWB3j3cbNQj3cbNsmcacT:kBT37CPKKdJJBZBZaOAOIB3jM2jMhcaw

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (520) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f69ee5bf6556c3f1e7fd2ef3f8d4d90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f69ee5bf6556c3f1e7fd2ef3f8d4d90N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    22KB

    MD5

    fcf850d5ec3ff1c0595e252efa1cd6cf

    SHA1

    7ae9ac0ae1a11f63422cd4031b2a692fc49704cc

    SHA256

    953cb6e80a170a9829984882048e6c7abeedd63800e279e02937713c05ceb1ad

    SHA512

    a57cb23733735bc7af144127b3798e89aec91810b920c46c4984709efadf49ec8b9b8dbdb057c947d8e9b9b95ed6381d19fba4d065dd13e791ca3bf4dd340841

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    31KB

    MD5

    6add282fc2cf587418c67560de45cb47

    SHA1

    e0c242a4a24e816289c77b9b009012a0348d8be7

    SHA256

    85eacd2ee82986f98dc9458e41c52521e8b1af6d88eb45c19c8ab38d50f4479e

    SHA512

    3888080ed82588b873b8785ae6b0858e2fee353923ac8c5f9b2cd26130ed495f387c37d8a31c9b7d3f2841d01a84cb61041262d80248d395e49c2741330ada7a

    Download Submit

  • memory/2612-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2612-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download