Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

08/08/2024, 11:42

240808-nt7xjswhle 10

27/07/2024, 01:20

240727-bp25aazhmf 10

Analysis

  • max time kernel
    70s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 01:20

General

  • Target

    3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe

  • Size

    326KB

  • MD5

    2639ec5825ff4ff231b5c50cd50b9514

  • SHA1

    9e13e135171f42bd466f26242b320763bbfcfba2

  • SHA256

    3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545

  • SHA512

    207f3fa4577326df71c21a5b871b2e4778c6486ca4f289495b8b391314b2c9fc507c883615870c3cd8c1fe832918f06e375ce16d04f213048312e7d70a8d5dda

  • SSDEEP

    6144:PXqpsIPCYYNUBEP+abW67Dz4HFgnPOAzu0bD7P9YJJE:PqaIPbyUBWa5CPO0bPP9SJE

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

  • Renames multiple (1232) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
    "C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini

    Filesize

    1KB

    MD5

    37dd2ce6a9351dc551f1899b45f0d8b0

    SHA1

    d770039f0c92ef1c9ab3a01c62413e54c9494094

    SHA256

    8d81cccdfb6a98908a90d928f102a17d4d05744a7e9d47fdbc7b2860dd5596d5

    SHA512

    ceab602d0b345cf5f27821ec67530926047acea976432deb2b0b381913cb86227dbd7cbf2c5c810cc5eb94d949e0dcf71bec3d3432b74700a7944960b49550d7

  • memory/1520-0-0x0000000002440000-0x000000000246C000-memory.dmp

    Filesize

    176KB