Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

9079a0e543...0N.exe

windows7-x64

9

9079a0e543...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9079a0e543032d6f4a574704f5ef5220N.exe

  • Size

    36KB

  • MD5

    9079a0e543032d6f4a574704f5ef5220

  • SHA1

    b038216af579a0f7a30e83dc4a8416bcb72d9568

  • SHA256

    3a3aaef4d85cc0ceb950f8657345f7b4393447fcb434cf048ddc7184fc0ad544

  • SHA512

    b5ffddf3bd87468c13b1a660c87a095b34c590b7457ae94017d5fdd37a1c3259e24bbae9bf3d523e9ceac1cbfd5f99ca3ff9e7704320a4303a2e475de4bb78fb

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhvszw5joPWjyjoPWjg:/7BlpQpARFbhewB

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4704) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\9079a0e543032d6f4a574704f5ef5220N.exe
    "C:\Users\Admin\AppData\Local\Temp\9079a0e543032d6f4a574704f5ef5220N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp
    Filesize

    36KB

    MD5

    9476a86a444589583382a4518acadffe

    SHA1

    e650bc29bf11aae12c70706a62e715acbb3dbf69

    SHA256

    a4137ae9e2b0aff9ed7126ce4df62ff4c692fce0edfa6fbdc01cfb1ff2581358

    SHA512

    9e40d2e3c25f6043e5f655a9a7daea9d4e4687bf9696efcb049a64a40787ef3f871270be2962da8a29068f22208a4c3f5c2f8e22b98b90b83f1cad1a023f73b3

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    135KB

    MD5

    6668012a31a7ef8b59babd42bfb28531

    SHA1

    6ae569a3e24c6fbf326fea9ffa24f396a83fc8a4

    SHA256

    b01bcad27db960ec2ed2d450b89435f5bc23360055bde7034a2efd6ac46b4a5b

    SHA512

    63c70ecae1091ec7eee233d4562c7fc4e8a8fe0d0993b948cb9d54e12a1bb43bc3720d28b93deb165b69dfcbd123bb0b1cb50ae0b7654c16bd29b5a8d994ab09

    Download Submit

  • memory/4764-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4764-1010-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download