Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

8e4b379e28...de.exe

windows7-x64

9

8e4b379e28...de.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    08/08/2024, 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe

  • Size

    195KB

  • MD5

    ddc7c7b6cf88fdf9727e29bef841e694

  • SHA1

    2936b6d8643df8eee5b7dfd7798114f2b144d4f0

  • SHA256

    8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade

  • SHA512

    f63f92e487f25e6483a0e76f6842a5a2286ff05f15cbd2bad573524ae7bd99a3e212ef15b0854fd0e8a862719fdedab0d4f0bd3bf206c518d11885451316f0d7

  • SSDEEP

    3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkf:RqKB+tOkWKR0iJ0lTzkf

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3249) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe
    "C:\Users\Admin\AppData\Local\Temp\8e4b379e28a03c85d06c34cd2f0c018f9258f113a31108d6ed76b877966a8ade.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
    Filesize

    195KB

    MD5

    1595adf37a96638d1709cfa3cb500679

    SHA1

    d798670375a06c23db8328badcd8c8f9ec742807

    SHA256

    0986c66ed0571dc1fb870d9b6084f5f62a38f5f43d4240257f8ced446465fbe2

    SHA512

    aec4a2d6a731425484048ba425fb9d42299120fb69527e836a89420bd201a3655208637418acac43d783e1fc74e882f3a3b0859190bed0beff7d415a43f55c63

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    204KB

    MD5

    31b4845b0dbf82a38f013250a9b284fe

    SHA1

    62f54b6cb5130f5d54f0a29d6836b4f298b2c3e4

    SHA256

    2cae80a23ce6c17dcae54634b6044ee55f27145a4972aa2dc0bf30e204edcfbf

    SHA512

    1226acac494b152024d734ee8be91f123281503a1a5d736166b98fab5497fc762fcc3193c9e06b643b319b792e3b1935d57828a3f0f7cd1e58d3daa9d23591fa

    Download Submit