Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/08/2024, 07:12

General

  • Target

    33a4b281d8606e4724f75a4178c8ba30N.exe

  • Size

    108KB

  • MD5

    33a4b281d8606e4724f75a4178c8ba30

  • SHA1

    ba18d71540c3480dded99b22c59e9285b6498d8d

  • SHA256

    38cfb585512705551275cef8e8d0b1eb25b270c9e2ea721d357187799209c54b

  • SHA512

    a7469409546752b3ce29cee0cb054055d8d3fbd7a3e8250036861b8d9c58146e719a53b253e46433c2459cff3cd319f81462524264ec08278a359b4aa404c81a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZf2XcqvcYdnS:fnyiQSo7Zf2XLnS

Malware Config

Signatures

  • Renames multiple (318) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\33a4b281d8606e4724f75a4178c8ba30N.exe
    "C:\Users\Admin\AppData\Local\Temp\33a4b281d8606e4724f75a4178c8ba30N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    109KB

    MD5

    8edfa10da765095751e6aae0bafc58ee

    SHA1

    fcee442080f0e5af849876865b683d754ca915e5

    SHA256

    662154f0dda6c218bc6e78459018ef5b9dbbdd94ca540e24be24c3308d4947ba

    SHA512

    a7a6d57f5c4318995ba7a9fefae0af806c4d33ddba6ab258775028fee3e21b113ebbabbc686015e4eaec2fee281f831288d46da2440b9de0c10747426a05a8a6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    117KB

    MD5

    329f4e52a022adee3e09ea1f7bb5a4f9

    SHA1

    ba4970c46975bd539d4aa60711b3d7ae7a4255a0

    SHA256

    d2f31d107bdd5a0be5e827aadcadd7279ec7dcf527f0b36084af3187e54154ec

    SHA512

    d74a00bfedc19a6acf78c7bd6993f1157572b10557c631008a6f45749e2060e89a5b8a2f4487ee590131ec4ee28e0496907476410e1255084f83a40e368d7deb

  • memory/2252-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2252-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB