Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

bf9b2c15f6...0N.exe

windows7-x64

9

bf9b2c15f6...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 17:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf9b2c15f64c4500dd9980518433dea0N.exe

  • Size

    45KB

  • MD5

    bf9b2c15f64c4500dd9980518433dea0

  • SHA1

    af48a611207db23483750185bc22ba1d23836478

  • SHA256

    1ea19b07d2ea9469b7ecc24d29e1febdd3d6d55adea32d9632a5c4ec16324585

  • SHA512

    a5cf20da3d2c66d0ad6734d5e5d85cf533928f01981f6e6f371465fdc8ffb1df97e4c82421c693ace51f437bdec81f632182ba9a0f6e3a7d71ad018731fec04c

  • SSDEEP

    768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k6ol9OiJfol9OiJY:W7ZppApkGp4G+

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3327) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf9b2c15f64c4500dd9980518433dea0N.exe
    "C:\Users\Admin\AppData\Local\Temp\bf9b2c15f64c4500dd9980518433dea0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
    Filesize

    45KB

    MD5

    31ff334ca09cf325ee18d0a2591e0688

    SHA1

    762149b9fb0155fa09a49688f729f2e31c6bc7fc

    SHA256

    15de2e38e1d3f901b5ccd9d46ac8f9cc9e33fe87a1eea29c90536cf2b845e7ec

    SHA512

    7b2bfc9df000697010e012a75d1a382ae59b77d87bca478f225c52299d1ee4da61ba7b4dbf1f0ca79385d9a983019da889f446a08317ab2640a90fcd73f3ecb2

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    54KB

    MD5

    25eeb4f388cf6bd2787580461306fc93

    SHA1

    22aa440157e72256c14c5a67fa0c9e316ab96155

    SHA256

    c0c630b99fc09d08c23fcc760dd83fe71a272050e2550584a56465cccca3887a

    SHA512

    fdba1899fc20a3e533c6c8f3e053ef93b694d00a29ffe35076dcedeee55d2718cc04da7549b39384f0e658f8df227fb4690e5195259c45c173edaaf467dafd3c

    Download Submit