Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

33d0cf597a...0N.exe

windows7-x64

9

33d0cf597a...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 00:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33d0cf597a0aa322560793d30e453f70N.exe

  • Size

    202KB

  • MD5

    33d0cf597a0aa322560793d30e453f70

  • SHA1

    c74807dbddc5890d02137dabacc9a7852a8f2178

  • SHA256

    445a8acb64146ec6552e1e798d66c462c24bb366dddcddfdcf5f769eac9cdfc8

  • SHA512

    10c5c8f1345a966300b2824b3cd3a1aa192da74a43d39aa69983db546f41cf132cbb25e09223a45a4bd442bc10b626a6f69426316a0c7cd1e6dcab9c60d07912

  • SSDEEP

    3072:fny1bMI9KHpKHDGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2lxGF:K99QpKjShcHUaS

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4157) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\33d0cf597a0aa322560793d30e453f70N.exe
    "C:\Users\Admin\AppData\Local\Temp\33d0cf597a0aa322560793d30e453f70N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp
    Filesize

    202KB

    MD5

    a5d2445ac5cf03ac6cda8789860a8a4c

    SHA1

    cfa6a6dd4557b6ab23c0f053f7972776ca33c324

    SHA256

    c5e2d482dfd4e5e60d496d4b3080d1c9244b6e92cd80ff99bf79019142ef0ad8

    SHA512

    a622539d49cb6384c0141cbda710e99dad575163d6bcb14867da7b8927c10f70fc6519056aa2ff6fb721bc6e86b261046d2c95342328b1339994aca9a8f7b08a

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    301KB

    MD5

    b93a6860d82b1c2ea0cb649b309322c0

    SHA1

    f892c6dc89efd4164d326fd9b4aaaf113bf32e62

    SHA256

    f6be1a4a5303661fb2de145f84bc996f32a8d1038ab8c2e724dc39e57d602539

    SHA512

    a31a033b26aa5393b0c612b9b6a6715f6176471f7e84721d66da4da665de8178db142b28cb8b2f11b267f874b73e2def77fbb0dc2ba50196b0e7521915de3960

    Download Submit

  • memory/4952-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4952-1734-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download