
Analysis

  • max time kernel
    31s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/08/2024, 12:45

Errors

Reason
Machine shutdown

General

  • Target

    8fbbc4a843c9c854779fc215d1cc34e0N.exe

  • Size

    57KB

  • MD5

    8fbbc4a843c9c854779fc215d1cc34e0

  • SHA1

    5c302058036612771fd244aaacca94f59ed0372d

  • SHA256

    fc28cd748741f8886b3321c97587ab0695f15dc4f37ad855cd1f034851ea3989

  • SHA512

    35da8fa07e4d83ff3bec6c65352964e8fc297f747ef0a97dca4467bc0dbcb3c0373b34e3852df9ae5840b76b5652cfc42b04a9aa8d2ff1aa55d3973a32490703

  • SSDEEP

    1536:V7Zf/FAxTWoJJB7LD2I2IHsLMzgGYJ5OngGYJ5OU:fny1tD33HsshBh6

Malware Config

Signatures

  • Renames multiple (815) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fbbc4a843c9c854779fc215d1cc34e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8fbbc4a843c9c854779fc215d1cc34e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:984

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    58KB

    MD5

    266648f11712e51f859e662b11f66e81

    SHA1

    981952ced4e133877cc9505dd939c17db861c42e

    SHA256

    8ae474582d1b075ba6318f0fe9696b3e4fb25c2bb91bb62da849b87cd64285a1

    SHA512

    a9c527366e3eb928f78ac4f6fea010ba81ff36a9bbc2bd5bc6893da68365510dd1057f901dbd67c4df60d7b1ac26f1f2ef5e63601b38daccc652fb3d8f0737ea

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    156KB

    MD5

    ef10bab10a69a8e7ace85c3964d94b82

    SHA1

    cef80ec63cfa5014eadf5ef370879d3a38a5f01e

    SHA256

    764d934dbd16596399871fc9a34fc5e9edaf443c510c56b2fd23af21c93b583b

    SHA512

    7becf68a2df6e03afed12d15eb3631090119e326ea951f67f641cdf551999d8d15562db8b98b19dc845677bebed6fb832101902c74a251e5417b44026c7d958b

  • memory/984-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/984-1780-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB