Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/08/2024, 22:58

General

  • Target

    a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe

  • Size

    64KB

  • MD5

    dad1b151fc88bbca383be5e48f2318d5

  • SHA1

    a8b06ff88c935f20a2750d5e49680f3d415a5523

  • SHA256

    a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d

  • SHA512

    b5d0c277352fce3a1b32c5f6feb4e5832c4ba98a3f83e41db67eb1172e22b13b3a55a45cd92d103a50725cc13f88ea9bf7d9368270c5b4b947ff5867aab3e4c9

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz6:CTWn1++PJHJXA/OsIZfzc3/Q8zxY51

Malware Config

Signatures

  • Renames multiple (5214) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe
    "C:\Users\Admin\AppData\Local\Temp\a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4388

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

    Filesize

    64KB

    MD5

    e6aee190b1a56bf6f080aa724b00aeb1

    SHA1

    9f3fb3e8b0b11ef41f64734886355d43ecd6915f

    SHA256

    3570acb57cdde56ee7d328ee2eeafa9479e5aa943e94a8f4e3bdb006dda0e773

    SHA512

    c771987633751bca4db7ae2a5bbd946c0a19b82a0b90ba70b4640d395b1cfed398d000ec93612e8b5449236fe4fac42b73b65c672d326ebfd7076f72baa1e633

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    163KB

    MD5

    d5a329b169fbb2a3578743cc93ec4627

    SHA1

    02fb47411b77f0f21c5949566fb74d5ac30cfe47

    SHA256

    e05240110daabf01b7dda22c7cee67c4e1a3130d837d7c5b83f0f74c75babf1d

    SHA512

    f7799b9c31a697c00a799dfe65d47b53124e46bd57e860931055cefa44ed920d701dea916abb77cb094fa8ac17446992bcca8752342d28edb50defcda3de4191

  • memory/4388-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/4388-1226-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB