Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

f595cb4b50...0N.exe

windows7-x64

9

f595cb4b50...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f595cb4b509fc658ea57693e674a0cd0N.exe

  • Size

    103KB

  • MD5

    f595cb4b509fc658ea57693e674a0cd0

  • SHA1

    becf34913e4cfad7a40b6dc7978b2d2f883b31ad

  • SHA256

    8a283b2371e0a9bc77750cecf7a52da0f989671e111a3d4cdfaa876abc259a83

  • SHA512

    297792d2558fcc528e28613706ba2b5004165d177f1ca2a4c6b23250e1b64f370d9df8234f65ac6b29e82efe8349bff4e614c5716e91856d44008e3c0e2ac990

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3MLHsk:6DWpwE7oL2e+efZwZ08i8z3MLHsk

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2939) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f595cb4b509fc658ea57693e674a0cd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\f595cb4b509fc658ea57693e674a0cd0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize

    103KB

    MD5

    a650b05cf28c69faa3864c2a47e07dba

    SHA1

    fba04a24c0bb051b0a8104fd15b89cb3afa73f92

    SHA256

    f7b454699bf80b601efbf6fbd3b5d9d2923f1cef61bb5760ccb751e8eaef2adf

    SHA512

    cadb0d868d91e67903e400cfde5e75a3a0f0ede6506043a4537ee9a5c1bdd1ea03ee9e531555be6b324417feade9ce13f657c17c12943c8e6f1413a593db0d0d

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    112KB

    MD5

    b90fc6b52fd90f40ea40f3bdd778c6bd

    SHA1

    dc2ee0e5830c2845eec41c3123a6658ddb711113

    SHA256

    f3e538af9ef6325b459054d4c7c8690eed029fad698f48dd6510f64598f12280

    SHA512

    14593781274e73603368264e2cb9f3d47904cf5fa1cdaecaae879c8d81d8c10e81e4c41af1db35e158421239dc6dc11311de651b0456052889859b3f89bc1604

    Download Submit