Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

42f00017e2...d0.exe

windows7-x64

9

42f00017e2...d0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42f00017e2d1afe6b9e00ee5777ecdf954618f962e3da893aa5c5335363643d0.exe

  • Size

    47KB

  • MD5

    80345d93aac3d5101c234fa9009bb4ef

  • SHA1

    bb8700ab75b85cb43a4cc1acece8e8de971f2c22

  • SHA256

    42f00017e2d1afe6b9e00ee5777ecdf954618f962e3da893aa5c5335363643d0

  • SHA512

    ec7f542ee9bcb72792409993758a76b487d0070cd0a0e4700cd2a0825c907b5cb39d97f6576c054af1e164b019183edc7d3327fdd60152401b1c76b0b13abd50

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLa:W7ZppApBULcfpHLcfpyDZ

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (1174) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\42f00017e2d1afe6b9e00ee5777ecdf954618f962e3da893aa5c5335363643d0.exe
    "C:\Users\Admin\AppData\Local\Temp\42f00017e2d1afe6b9e00ee5777ecdf954618f962e3da893aa5c5335363643d0.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    47KB

    MD5

    276f16557393d8c3cc5335d89b1be589

    SHA1

    a68598c4ace3b30efd45285045ea004292153c37

    SHA256

    08a6afc41e3124a26199659d28eb4e6277b90145c9af776bd7de6f92f6ad4b28

    SHA512

    060f4b15bdc48261264da6f1c71096493040e9e8c9c445f3b4645a58857008d7f4b3af02447a15131b63f874bf8627f9d3e3f2ce217dd743d49d103daa4253ff

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    56KB

    MD5

    c2bab966856df52dccd6949d51264caa

    SHA1

    bd5d6fe604977c2b17cbbb05d7c376b574e41890

    SHA256

    742dc97108196598814d7b18599961b30f5dce3585562898d91b9c3fb7953f82

    SHA512

    ff4b4e38908fa0f3f20e98853b1e9b0709f0d589ef08cce9d94417fa1b5ef30513cc26664cf69cd94d603115cc8934d3ce9fc7131d683386bfd8a51d16f65aaf

    Download Submit