Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

930d9d5fa1...0N.exe

windows7-x64

9

930d9d5fa1...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    930d9d5fa1bad2e37e03f8275b961de0N.exe

  • Size

    77KB

  • MD5

    930d9d5fa1bad2e37e03f8275b961de0

  • SHA1

    1d62b1176e17ea34089a5354492ecce20d844784

  • SHA256

    d79b69ec7a5c3d84074f7c6762066aa9b65482ccb3fb0b43c233276deaff8095

  • SHA512

    d7622d8bcd8a28832b2e00b1b970385ab5b146ae03a6c8cc4049f7de0075b91ed6cc982e1bda8075426a5e178c99d16b9340fc76b6b7ac934bb040ee56ba7b87

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggU:69WpQE0zxgU

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2162) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\930d9d5fa1bad2e37e03f8275b961de0N.exe
    "C:\Users\Admin\AppData\Local\Temp\930d9d5fa1bad2e37e03f8275b961de0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp
    Filesize

    78KB

    MD5

    ae92699634a6167c5a3d21b242a93061

    SHA1

    b4f6404fa269783aa5d47d3d832071c6ce260818

    SHA256

    3206d768733ee03533b043704c0d76a96c396e523bf30228c188ea264173b5de

    SHA512

    c428eee1536aeb79d948aa91d518de8f81ff3f145bf7c2d15014cc114d26c131acdf42b95858f96cc234c5440fc886c985febbd4f9233e6ab371891afe1f89ef

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    176KB

    MD5

    63bf2dc0fb6b5d227b0b11e9c7cb0ba8

    SHA1

    41bdc0b5c444013dec9d6201df845ca58ab45503

    SHA256

    de935aec3580fca944e1bd3f1f85cfe1d9f1b24f90ab3a3ec6153cb974bb23bc

    SHA512

    27135f12b84446ad7a91983f59583e7eb3a8a2dc80421c7e31fefa5d18b849bb096b8f4de0110199a6147c70890280b72b1ca588f8caff50b242f1e5f6e04e90

    Download Submit