Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

74ee7e4bf3...94.exe

windows7-x64

9

74ee7e4bf3...94.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe

  • Size

    353KB

  • MD5

    535f694b6554a95d610857645f0bd04b

  • SHA1

    83eb3981d560e45ae6ce18f7eaf8967102495b74

  • SHA256

    74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94

  • SHA512

    9039dcb96aa49ede7447dfa1ad876a7110979d1e4721998c83ac16d4ca9671c515df6650d15727da99f42e35c15e065231c61a956dc470333ba29ddd1383feda

  • SSDEEP

    3072:6e7WpuwfSkhvFpe+Zd+DjFWGDqkUJxsUYJwgH:RqFZht3d+b/

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2808) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe
    "C:\Users\Admin\AppData\Local\Temp\74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
    Filesize

    353KB

    MD5

    753cd8c4b89a4d6aa63d1eb85d0dbe44

    SHA1

    2dd0c8e594d2f6bd44d98e8d239990b734ab0978

    SHA256

    c9b4e03d29ea9f7e552776754833e0de34466466b36a4ae6dcbcac2051241a91

    SHA512

    c878a1f32d350a53313c016d97ca565bad9a8d4308a845b3d1fb8662df16b655c1a0eef625a54399829cdcb11c0e60a3ae4f18ea0446cfe455ac42dea4912a56

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    362KB

    MD5

    d3b1bee2b94d354253cc1bbc22a3a95c

    SHA1

    84178c08288e2cbf1de56b4bc49db99d01c7a4fd

    SHA256

    a126b561633b6d537ccf391d84c21f2c992d225fdcdf06520bca887c5572dfa1

    SHA512

    2b3e7d5a64a3d2afdf4644e95143df588c2667fb3dfdd2008ad29b66130afe61eec52650a56f17eac9fbda85d9c5e8d5c96deaef6cdaa387bc315865d07b598b

    Download Submit