Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/08/2024, 09:49

General

  • Target

    78e958c9f6addd0589bb5175aa3cdf10N.exe

  • Size

    147KB

  • MD5

    78e958c9f6addd0589bb5175aa3cdf10

  • SHA1

    4b446c0ffe961c406a9f9add30dd66f63335a2e2

  • SHA256

    1aba43ffbffe2aaa82a4ac7ba964b797731530c767b52d35185c356436432e66

  • SHA512

    fc4b06c9dc6b0debf4d9fa196c0c5ad40b0c86e72a68dd021ea0f31aeedcf43f486f1a2a2eada4297765bec54ca4a2aa198ff71bd6505beaa3ad2a0fd2109dd0

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZf2XcqvWTWn1++PJHJXA/OsIZfzc3/0:fnyiQSo7Zf2XGQSo7Zf2XS

Malware Config

Signatures

  • Renames multiple (4239) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\78e958c9f6addd0589bb5175aa3cdf10N.exe
    "C:\Users\Admin\AppData\Local\Temp\78e958c9f6addd0589bb5175aa3cdf10N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:784

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    147KB

    MD5

    d89348adbbcc52b9c51a1ce6bbb34b0b

    SHA1

    787fe670a3e861359b5f2ca02104d58c1939bdf0

    SHA256

    c026fd94ebe4f0ec0cd37e35492240351460965ace97e4d9e29b52c4146ddf3a

    SHA512

    6da93cb3fdb4e0fbd59ff0a8ac7a387b4f0d5796419e87529c68812108ccd8ff88e3a98cc1cc37c57889809a227d28f68e3fbe51a6f55bff8e965b1755173263

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    246KB

    MD5

    3c8eafe430701868433268d0d0c39034

    SHA1

    62b186fae151561c19d3f10f0d6fddb538e6bfa2

    SHA256

    43cfc8b8a3cce89a048cf20561a93adcb65cd05e1fd5c3a789f933a882c3af85

    SHA512

    969b2a12a4ba13c19beb962f9cd4100f58d586e210aa1e1d3cfaee845a4939ace61c6c0a645f9e24fe13f3a9a1ae75920c1998a14f3fb36040b96f706865a29b

  • memory/784-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/784-1746-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB