Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

46e1ec899f...0N.exe

windows7-x64

9

46e1ec899f...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 19:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46e1ec899f5a0282b1a89306dda15210N.exe

  • Size

    46KB

  • MD5

    46e1ec899f5a0282b1a89306dda15210

  • SHA1

    2c6ed268b5eb7c88c5f4d944c195cf755e10e9c1

  • SHA256

    988a2c88ad1c5bd07dab66562857772d874b9feca9631efe46c0ba7b1b12876b

  • SHA512

    02abb62c563b7de0753c09d34872e1019eac7b3b8313c8b09066586ea0422f06ae90fea7979855d055bfdf801c91876281f006f0ea00c4cf8b2ff32428d1d432

  • SSDEEP

    768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nz:/7ZQpApmi6nz

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4159) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\46e1ec899f5a0282b1a89306dda15210N.exe
    "C:\Users\Admin\AppData\Local\Temp\46e1ec899f5a0282b1a89306dda15210N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    1bb28c7b72990d3031242ddaa10420e8

    SHA1

    de4efabbf2c01b1e3b177a52b380d8b94820ec11

    SHA256

    d3fbfefe11a08d0d193210be377a90503bc92433c4e3303e359231c4997cb8f2

    SHA512

    f237c69580c7d459030ad30509f159a644d6ad9ab4a257b33dc9bedccca20b17e3a7bfa5b520ef708c933be85313cbb8f16df6884faa8b80430e5e2947250a9f

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    145KB

    MD5

    f064d2727014174364af558be4594071

    SHA1

    c80c3fc2c9e7bd75cf9018df9d8bd5d61fcb4503

    SHA256

    58acece5e8bfa7f425e97114799d8273565449806b77bdb1be4a0c786825b3ca

    SHA512

    d4af2c962bff3c605d91251339b6a67c5502a9dc5a8a388d43579b9a47b288f46bb2c3e25bfeb5a713397506192a0142def7f3b855be58e85d7f17dae76c45f5

    Download Submit

  • memory/4876-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4876-1660-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download