Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

4eee144855...92.exe

windows7-x64

9

4eee144855...92.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4eee14485515d5919356395f35571ec3612fc19149e1ff1bad7023197f7b3392.exe

  • Size

    91KB

  • MD5

    0cf873538df1fe5f5075105c3b02729b

  • SHA1

    db8a49069fbd76b46daf5c54c4b6123540014562

  • SHA256

    4eee14485515d5919356395f35571ec3612fc19149e1ff1bad7023197f7b3392

  • SHA512

    ca2f5b2da9b11a4f629395325c53eb4aeb3e5e5c7b91612ff246b1b9e67b450da0291feddee99bf8454b0c1c162f44768af2f4b2b43db41bdc24d45318c8c535

  • SSDEEP

    1536:W7Z2sspApGg7bobSM+t58qKcAK+j4nI4VfNgZ11PED4gJQeAAUZa0EzOMy:62ssWpGgrM+t58qKcAK+j4n7ByeFUF

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3455) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\4eee14485515d5919356395f35571ec3612fc19149e1ff1bad7023197f7b3392.exe
    "C:\Users\Admin\AppData\Local\Temp\4eee14485515d5919356395f35571ec3612fc19149e1ff1bad7023197f7b3392.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize

    91KB

    MD5

    68289cb7ac990005d0e32d7925b27c97

    SHA1

    166e1beab4ce7263b554d671a528f08b0dd40363

    SHA256

    d3f5ee9417ed39448265e864e46032f6d6237848b7efc158077bea2876d56271

    SHA512

    53e90681d22429776365b025c01c9ce63157ca6b2c698d53e1265d2742e6da1b8705cefb7543134296c61e75c06a481d4549affa1d34b40af081110ad37107f6

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    100KB

    MD5

    5e63f96d56914867a2f842cb763800bd

    SHA1

    874e2f1a009f1f8429129baf511831264af7e016

    SHA256

    4af43d4edd6c85ece237ec161553fa790520146b5c11ac6634e75ed8ce4064b2

    SHA512

    9c99213361b64619f0a8f37a31a27dab1e40ee50a6e1c8b9ecf8941b6930ddace113a700d7ce6a5557c14cd655f64253386517c245e9b4c0aae7e1f0cf9dd9d0

    Download Submit