Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

081e54f4ab...00.exe

windows7-x64

9

081e54f4ab...00.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    081e54f4ab951df5857acdd7eedfed00.exe

  • Size

    53KB

  • MD5

    081e54f4ab951df5857acdd7eedfed00

  • SHA1

    8b4602bb7192f2194410bb0933b53a2c9bbd8c05

  • SHA256

    2b982d95eff781b61adcd70022dbaecd915b897a8e9a9ef6a045cb2f8bae4e48

  • SHA512

    2fad18fb48eca1509a822297f69fc40e72af2fb8f00f5541cca2da8d999a223be707ddadf235df699fcb1fb7f1b8cc33b15a81f6fe1a2fe2effde0582b063921

  • SSDEEP

    768:W7BlprpARFbhJ68nNIreUYEreUYX1nE9P:W7ZrpApJ68nNIreUvreUunq

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3541) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\081e54f4ab951df5857acdd7eedfed00.exe
    "C:\Users\Admin\AppData\Local\Temp\081e54f4ab951df5857acdd7eedfed00.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp
    Filesize

    54KB

    MD5

    4d6aadd9e6148f75dbf16c1db10b9cab

    SHA1

    cd1154e981c276f89ae97966d5b0e279ecd48651

    SHA256

    9815f14cb0b8e89783cf7de03eb54552e33260824d7e8189dc67e44f303e81ee

    SHA512

    52f13a4c2f79eccaaf59b32115986fe18b632a02106589174912326ac3ff45696a58b0d9e00d0346cf16f821028932543653c725ad39557ece964215d3d9817b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    63KB

    MD5

    1125d75607d0983c395107b100e96494

    SHA1

    93d17f41f198c650c5f895d9dbab06c20d504407

    SHA256

    f28e90833fda7071d36e8b8c9299537fb8d6b383749a6e06b94c7d63cb24c33d

    SHA512

    ce6ee90b4f16eac8a8b157f32e449f8d7ddfe7a849fbb5ace6513e17ddbe0d0ee591a4a2c64127712190b01abf48ab1189e8c40af4d20a5952417baa60b537bf

    Download Submit