Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/08/2024, 20:35

General

  • Target

    99df5398e3a96d12ac2532018977d430N.exe

  • Size

    44KB

  • MD5

    99df5398e3a96d12ac2532018977d430

  • SHA1

    dbd0ad229d8f394276637208d067006bb914cd4d

  • SHA256

    bc9b420c553e244222f72596fa19c9e65c5055304288c07ab900862c38a238fb

  • SHA512

    57c86cfdccf63fed679eddbe6e97de595434a00584873d669550cf1f91adfba98cc5a663591130ee0536dfb59c6b3bfef236794dfb90b3f2dffeb5c60b8f4797

  • SSDEEP

    384:FBt7Br5xjL2Kd5AsAoh6n5eaOlIBXDaU7CPKK0TIh6SjeYDTcYDTkZW8b8T:V7Blpf/FAK65euBT37CPKK0SjeQT

Malware Config

Signatures

  • Renames multiple (3212) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\99df5398e3a96d12ac2532018977d430N.exe
    "C:\Users\Admin\AppData\Local\Temp\99df5398e3a96d12ac2532018977d430N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1512

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    1d1eeabca0497a5dd1d4e7f7d45a3184

    SHA1

    1e97d9f7a9b33071dd591fd6d991807c3479b422

    SHA256

    41463cf7360de9cff4b8c6e02d1a9c5d4cd6d18cd34e9dadd8b9d9bea37a4a44

    SHA512

    5183abd147f21c755580e41971c3c6108c969d9d01706293be5215f80d43bcc09e0c809fdcf93cb9be78b9b61bfbc4ce24ebc42044279fd608b8610f40523509

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    b289cc7783014cfb5173514bd4a9c0bc

    SHA1

    8989877fd3da3738b051ee6d9138f862079663b3

    SHA256

    a13612cebc199a0b2f94cc85f116760507837bb214ff14f35a65e93415075571

    SHA512

    6660f2f7120e9d0022b47fa0f730d5c126db136bb77063d917b4dc4ac1db6f7e4e87fd1f39589591d03e812162497eee8794982d28948135e9d22ce8e4487314

  • memory/1512-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1512-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB