Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

530c4de1f7...e7.exe

windows7-x64

9

530c4de1f7...e7.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    530c4de1f774d4f9e9821d51a36226efb42abc8f5047a5a4d55e742d1d7e76e7.exe

  • Size

    58KB

  • MD5

    c77202ccfb27f9f21976521f19f09fd2

  • SHA1

    4504de40346cc111292744be84872d9849d99fd8

  • SHA256

    530c4de1f774d4f9e9821d51a36226efb42abc8f5047a5a4d55e742d1d7e76e7

  • SHA512

    84ea538acf621534c6dae59419273ae008630ea64503c3f45132a35dbc639366b9621b8422dd30126d69a8a0d79874d45af19071e0ca1794cc84f21d1b2ab9ab

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/K1p:W7ZppApBULcfpHLcfpX2/Nw/NwmxP

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3792) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\530c4de1f774d4f9e9821d51a36226efb42abc8f5047a5a4d55e742d1d7e76e7.exe
    "C:\Users\Admin\AppData\Local\Temp\530c4de1f774d4f9e9821d51a36226efb42abc8f5047a5a4d55e742d1d7e76e7.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    9f0ecb248156a59ea1c1edb8331ee6de

    SHA1

    391273678002642417a6dfbb3d4f770aec257de8

    SHA256

    330f1d367a0757edddb520b9f61e5ce88b85e4999177ba8503645baa0d0d40be

    SHA512

    4656323ab34fb5311056abdf5f432c010c07b57a11bc0e6762399d618e21be71593f74d9591d68e11190da5131e393d571a7d424cc1220e10a64b5a46fa527dd

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    67KB

    MD5

    9c59e8531fe7a94c39654086a5c7c533

    SHA1

    f044ae06110c2abc074996d0018eeb3e7f60326a

    SHA256

    5c29fb0a4a89cd476254113e8701916d77616f0e527adfb093007b3260468f54

    SHA512

    546d53cc0d1d9a0f1f23a0a412cae914d23fb5c7d8a69ac8360f72a3a720a88c3cc3fdae8ac41ed3fd65e0d57d215afac819d431370f0810d5fc18fabfe6b624

    Download Submit