Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

516397e4d5...0N.exe

windows7-x64

9

516397e4d5...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/08/2024, 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    516397e4d516e0ec1d6943ddd8656150N.exe

  • Size

    84KB

  • MD5

    516397e4d516e0ec1d6943ddd8656150

  • SHA1

    87dd469a1122a1eb358b647eb9fe30dee7a87fca

  • SHA256

    8689444c973c5ef81c372fce472228c51eb7cb247209ea6d7f304dde1e486a48

  • SHA512

    73335b7f88dbe846bcf3d07148f561c18f2c852e15ef71d25ac4c8359f75b980c2e3ef172289f0779d11d89cc58acc4e8dc97c6c95b32ef4ac5469bda829e334

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eTdsdYSWFYcUYcN:6e7WpMaxeb0CYJ97lEYNR73e+eBSWs

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3166) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\516397e4d516e0ec1d6943ddd8656150N.exe
    "C:\Users\Admin\AppData\Local\Temp\516397e4d516e0ec1d6943ddd8656150N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp
    Filesize

    85KB

    MD5

    71db48b9bae1981c1eeed2241502d63c

    SHA1

    3221cea84102679e11b9d6ba0e648b6e782cf545

    SHA256

    c0912e1d42b6c61c60e68141aba489a806bb9ed3d05af94c62280d81961b4ad6

    SHA512

    5cc9249cd44c56abc28e2eccdc53ce1851513e8b7e1ede05fb88e4206c7787ae7888f919d491c8b925892099059d00ea2465a68633bea8898e0d71d95a473dc9

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    93KB

    MD5

    1e86214b86b78d68ee2494bc42a7a32d

    SHA1

    17c499765f4ee71bec754d4af97ad92ce0f35e48

    SHA256

    69bb4d0329b51b30d3aff6e400653930e94a8f42e6d0aafe07392633fc33bfe3

    SHA512

    c6d8e82b40a0cbb08e7e401cb6d2cb1a50cf768248147b107d047ac3161be135dee36f5ac7c2f978a08d2c7bbf8b7fae54ddc4683b0e1b32a37c6ff969d84039

    Download Submit