Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

56d4a9cc5a...0N.exe

windows7-x64

9

56d4a9cc5a...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    24/07/2024, 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56d4a9cc5a98d0979a02a4ceefe7f4e0N.exe

  • Size

    137KB

  • MD5

    56d4a9cc5a98d0979a02a4ceefe7f4e0

  • SHA1

    643c2107d05059a92590b9f64cf60edba8ea68da

  • SHA256

    24418d759f6d461e0321e9dbc59c2169aeb0b116e7695c11210ced32bbcd1733

  • SHA512

    bfb0acc836876262a2478099353e80d6f9084e51d29f5912b76ff2c5d909eac6fbaff68838e481491ed550c8f1341f5098cad5e16ce8bba4544537033258ec58

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2ItTWn1++PJHJXA/OsIZfzK:fnyiQSoDuXuv3JQSoDuXuv3dwL

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (2764) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\56d4a9cc5a98d0979a02a4ceefe7f4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56d4a9cc5a98d0979a02a4ceefe7f4e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp
    Filesize

    137KB

    MD5

    cc95f3c4d5877acf99e757f250eb50f0

    SHA1

    4f847aa413bbe56953569ab037059c43b826ade1

    SHA256

    f85b9977c7103a01fbf577a3a7773d4c7daa25eb631234cd4e15bfbb940e55c2

    SHA512

    d1b4ca21a19efa78c63c43a32dbd506a4e067d3b896fd00880c6654ea0c5cc22b769bbbd5c806a0c4cf5c6bd862993aec0297d653e5a2ad17fc2edcea1985c03

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    146KB

    MD5

    5360bb1e155dc99e4dffb56d206ad057

    SHA1

    c394f52923608df9d427974b78241c2b5b4cb2d0

    SHA256

    6da42ceb3791f79ab2c4547e010a64a2ccf519e6145b3d1185322a8cbe79b613

    SHA512

    15cc8ce9350f1a744359b99472e1592225ccadbe410d3a9ec8dc259831aeb8ed7f29630550df683299cf7d122d7e6612fabafd834db6d423d5c21f98d65926ba

    Download Submit

  • memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2528-538-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download