Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/07/2024, 03:51

General

  • Target

    45b2f4f78f4218b517124d248e520180N.exe

  • Size

    32KB

  • MD5

    45b2f4f78f4218b517124d248e520180

  • SHA1

    06d815da3915f759e3733a790a8d055694ee0da9

  • SHA256

    8c084d95ee734c9ea0f4b3cd628f4b0fb9c9321f0fbb1560a46120ff8111b659

  • SHA512

    d3427ca9214f06646233c254c7ad4c14d0935c3420b827252c65bb981eaa4480dbf1d785d5198c478d698484f54c2e965977a185cc2492fb3d812f2d1890415b

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinv:CTWUnv

Malware Config

Signatures

  • Renames multiple (3141) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\45b2f4f78f4218b517124d248e520180N.exe
    "C:\Users\Admin\AppData\Local\Temp\45b2f4f78f4218b517124d248e520180N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2368

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

    Filesize

    32KB

    MD5

    e1dd2a6bcd230b564fb65a2dcb28930b

    SHA1

    f1999751ec31c922d0115e5622fb3d26cd83030c

    SHA256

    1d3b4ef1fac41ef23ec5f0925de32ccc68e5d3460087007b94418372c45dc2f1

    SHA512

    1651abf3ebecbfb0ee58a57e35ee357aa17b3b41368d05788046cad89d3317e162c85e6586f1b33941129f3c1df97f522207ad9027d44d7accefa2d5b16c3e0b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    41KB

    MD5

    748003bf8e2b154290f3cfde88b15590

    SHA1

    4729521e0eff2ad0a520a05d463558a31f95ce49

    SHA256

    b24522c1797ad353de14a5c27feaa9f60b9af0db3c37d87f28d031d5ade1dc99

    SHA512

    2366353a66b2f4434f52ff7ed2c61a5e92484f3f22622bbb686c89c2c8078812f112e50014a560ba28de6afc16b0e4668d4fb4e11c39546693aaaf16fb3c0ac4

  • memory/2368-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2368-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB