
Analysis

  • max time kernel
    120s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 21:21

General

  • Target

    0d0ad11fb502657e2f897224a9dc7aa0N.exe

  • Size

    57KB

  • MD5

    0d0ad11fb502657e2f897224a9dc7aa0

  • SHA1

    a01a86c96a1a4c4deeafb6385a893207fcf4483f

  • SHA256

    5312e5596fcc1c1c168f4496f0c98879f812c52816fadb93672050fa60e10597

  • SHA512

    27f9cc7ece05ad129f3461eb0cc0d2e2e5ebf777d2382477697b6b131faee5410f69034850bd10c24ffc5b43df309a3877476a35819c8be5386fdcdea49d0920

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8s:KQSop8i8s
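The General section gives only the sample's hashes and size; the static checks a practitioner would run on the 57KB binary before detonating it are not part of the report. The following is an added example, not code from Triage or from the sample's analysis: it recomputes the hashes listed above and walks the PE headers to look for the two things UPX leaves behind, the UPX0/UPX1 section names and the "UPX!" header magic. A modified UPX build can rename both, so a negative result only means the stock markers are absent. The PE builder at the bottom produces a constructed, non-runnable image so the check can be exercised offline; on a real case you would read the sample bytes from disk instead.

```python
"""Static triage of a PE sample: file hashes plus UPX packer indicators.

Added example, not code from the Triage report. The UPX check looks for the
section names UPX writes (UPX0/UPX1) and its "UPX!" header magic; a modified
UPX build may rename both, so a negative result is not proof of an unpacked file.
"""
import hashlib
import struct


def file_hashes(data: bytes) -> dict:
    """Hashes in the algorithms the report lists (MD5/SHA1/SHA256/SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE\\0\\0 signature")
    coff = e_lfanew + 4
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        # Each IMAGE_SECTION_HEADER is 40 bytes and starts with an 8-byte, NUL-padded name.
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report the stock UPX markers; absence does not rule out a modified UPX build."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
    }


def build_fake_pe(section_names, trailer=b"") -> bytes:
    """Constructed, non-runnable PE32 image with the given section names (test input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + table + trailer


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")
    print(file_hashes(packed)["sha256"])
    print(upx_indicators(packed))
```

If both indicators are present, `upx -d` on a copy of the sample usually restores the original image and gives you something readable in a disassembler; if the section names are present but `upx -d` refuses the file, the header has been tampered with and the packer stub must be run under a debugger or emulator instead.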

Malware Config

Signatures

  • Renames multiple (4348) files with added filename extension

    Consistent with ransomware encrypting files across the system and appending an extension to each one. The dropped files listed under Downloads (desktop.ini.tmp, 7-zip.dll.tmp) show the pattern: the original name with .tmp appended.

  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
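The mass-rename signature above is the one that carries the ransomware verdict, but the report does not publish the rule behind it. The following is an added example, not the Triage rule: it shows the heuristic such a signature rests on, run over a constructed set of sandbox-style file events. The event layout, the thresholds and the "spread across top-level directories" requirement are assumptions chosen to make the logic concrete; the real rule fired on 4348 renames from a single process, far above the toy threshold here.

```python
"""Heuristic behind a 'renames many files with an added extension' signature.

Added example, not the Triage rule itself. The report does not publish its rule
logic or threshold, so the event layout, the thresholds and the directory-spread
check below are assumptions chosen to show how such a verdict is reached.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sandbox-style file events: (pid, operation, old_path, new_path).
EVENTS = [
    (2740, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (2740, "rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (2740, "rename", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (2740, "rename", r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini.tmp"),
    (2740, "write", None, r"C:\Users\Admin\Desktop\README.txt"),
    # A benign updater that swaps one file through a temp name must not trip the rule.
    (4100, "rename", r"C:\Program Files\App\app.dll", r"C:\Program Files\App\app.dll.tmp"),
    (4100, "rename", r"C:\Program Files\App\app.dll.tmp", r"C:\Program Files\App\app.dll"),
]


def extension_appended(old: str, new: str) -> bool:
    """True when new == old + '.<ext>' in the same directory, e.g. report.docx -> report.docx.tmp."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    return (o.parent == n.parent
            and n.name.startswith(o.name)
            and len(n.name) > len(o.name) + 1
            and n.name[len(o.name)] == ".")


def rename_summary(events) -> dict:
    """Per PID: count of extension-appending renames, suffixes used, top-level directories touched."""
    summary = defaultdict(lambda: {"count": 0, "suffixes": set(), "roots": set()})
    for pid, op, old, new in events:
        if op != "rename" or old is None or not extension_appended(old, new):
            continue
        entry = summary[pid]
        entry["count"] += 1
        entry["suffixes"].add(PureWindowsPath(new).suffix.lower())
        parts = PureWindowsPath(new).parts  # ('C:\\', 'Program Files', '7-Zip', ...)
        entry["roots"].add(parts[1] if len(parts) > 1 else parts[0])
    return dict(summary)


def flag_mass_rename(events, min_files: int = 3, min_roots: int = 2) -> list:
    """PIDs whose extension-appending renames exceed both thresholds (threshold values are assumptions)."""
    hits = []
    for pid, entry in rename_summary(events).items():
        if entry["count"] >= min_files and len(entry["roots"]) >= min_roots:
            hits.append((pid, entry["count"], sorted(entry["suffixes"]), sorted(entry["roots"])))
    return sorted(hits)


if __name__ == "__main__":
    for pid, count, suffixes, roots in flag_mass_rename(EVENTS):
        print(f"PID {pid}: {count} files renamed with {suffixes} across {roots}")
```

Requiring spread across several top-level directories is what keeps a single-file updater (PID 4100 above, which renames one DLL to .tmp and back) out of the hit list; the count alone would be enough on a real detonation with thousands of renames, but the spread check costs nothing and removes a common false positive.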

Processes

  • Process 1: C:\Users\Admin\AppData\Local\Temp\0d0ad11fb502657e2f897224a9dc7aa0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0d0ad11fb502657e2f897224a9dc7aa0N.exe"
    PID: 2740
    Signatures triggered:
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

    Filesize

    58KB

    MD5

    2a00417ebd8c545146239f0e7a39ca1d

    SHA1

    6e299eae4422f3564cfbebc075daf4a8061e58f9

    SHA256

    0ff18d66a18320068a84c7e8d708d22464726b71407643cc4c55eb49cf56e99a

    SHA512

    d7062c971586b81e0cb7356c96486c9502a3bfc208f46cb256f8c50bba90c8b9db45e93fe84ceca24c4d28db7789e35d6d1ebd3c4c907f627ba3e89cc736ba2e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    157KB

    MD5

    64935523926a8ccfc5f9b3cfc423b4b6

    SHA1

    0e8d5e59318ff44ed50666a8177e5d5b0461610b

    SHA256

    810be8cb2b266b56e681a2c9872aab00f25f5fd8d35d038628165e0ddd74d6ac

    SHA512

    0cf7a41a0a6c72c73fb09cd19a840ade76573cf279a5a93c0af308a2867a9d70643ac7489ff4ec12849f8727f79db8f447649423f1a54b5b80948441a0555050

  • memory/2740-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2740-948-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
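Two details in the Downloads list deserve a second look before accepting the ransomware verdict at face value: desktop.ini.tmp is 58KB, about the size of the 57KB sample, while a desktop.ini is normally a few hundred bytes at most, and 7-zip.dll.tmp is a similar amount larger than a stock 7-zip.dll would be. Mass-renamed .tmp files of that shape can be either originals overwritten with ciphertext or files that simply carry a copy of the sample, and only the bytes settle it. The following is an added example, not code from the Triage report: it relates each dropped file to the sample by looking for the sample's bytes at a fixed offset and measuring the entropy of whatever is left. The inputs are constructed to show both outcomes; on a real case, read the sample and the .tmp files from disk.

```python
"""Triage of the .tmp files a sample drops beside originals (desktop.ini.tmp, 7-zip.dll.tmp).

Added example, not part of the Triage report. It distinguishes two things that
look alike in a file listing: an original overwritten with ciphertext (high
entropy, no trace of the sample) and a file that carries a copy of the sample
itself (the sample's bytes appear at a fixed offset). All inputs are constructed.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, approaching 8.0 for ciphertext or packed code."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_dropped(sample: bytes, dropped: bytes) -> dict:
    """Relate a dropped file to the sample: size delta, embedded-copy offset, entropy of the rest."""
    offset = dropped.find(sample)
    if offset >= 0:
        remainder = dropped[:offset] + dropped[offset + len(sample):]
    else:
        remainder = dropped
    return {
        "size_delta": len(dropped) - len(sample),
        "contains_sample_at": offset if offset >= 0 else None,
        "remainder_entropy": round(shannon_entropy(remainder), 2),
    }


# --- constructed inputs (stand-ins for the real sample and dropped files) ---
_rng = random.Random(2024)
SAMPLE = _rng.randbytes(4096)  # stands in for the packed 57KB executable
ORIGINAL_INI = (b"[.ShellClassInfo]\r\n"
                b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n")
# Case 1: the dropped file is the sample with the original appended to it.
INFECTED_TMP = SAMPLE + ORIGINAL_INI
# Case 2: the original replaced by random-looking ciphertext plus a 16-byte header.
ENCRYPTED_TMP = _rng.randbytes(16 + len(ORIGINAL_INI))


if __name__ == "__main__":
    for name, blob in (("desktop.ini.tmp (carries sample)", INFECTED_TMP),
                       ("desktop.ini.tmp (ciphertext)", ENCRYPTED_TMP)):
        print(name, triage_dropped(SAMPLE, blob))
```

The order of the two checks matters: a UPX-packed sample is itself high-entropy, so entropy alone cannot tell "ciphertext" from "copy of the packer stub". Searching for the sample bytes first and measuring only the remainder avoids that ambiguity, and a non-None `contains_sample_at` on the dropped files would move this sample out of the pure-ransomware bucket and into file-infector territory.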