Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

ec65f51dd5...0N.exe

windows7-x64

9

ec65f51dd5...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 09:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec65f51dd55ccea3352eb2bf128c3b80N.exe

  • Size

    80KB

  • MD5

    ec65f51dd55ccea3352eb2bf128c3b80

  • SHA1

    556cd90774f5dcf593978901634169daf2878ec8

  • SHA256

    48c61a95953379cee69a02a9dc388a9db20a593ab633d35ff863950d937afa45

  • SHA512

    7c7aa58a702d2a7c048584bd93f7eb35f821f65d86f21f5d9ad77c6e13d7622aee9e76b94430ec34211634e36229f8cd30ca3c14382502c1d2aaa3e066f1ca6c

  • SSDEEP

    1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrd466:9QWpze+eJfFpsJOfFpsJ0rDrN6

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3147) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec65f51dd55ccea3352eb2bf128c3b80N.exe
    "C:\Users\Admin\AppData\Local\Temp\ec65f51dd55ccea3352eb2bf128c3b80N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    80KB

    MD5

    b3ff7b50006545234d631c97a415fd6e

    SHA1

    6b263f7cf03707a3246746895212e01304494363

    SHA256

    58de29db18e5d80ae2101fad37f91890a0ca2625a33e4f37fee0af3333fae88c

    SHA512

    7a8a9fbec59b37e5d52cf45156b56b22639b92044b35cf4b4a3945ef4185e28f1cc1e46dc13404406a7af0f537c3294218d4bcaa08a28e099d029d6bc94721bc

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    89KB

    MD5

    f0797e7f8e7c549073fab695d43f8305

    SHA1

    f342971243a18da5381488f8411e2b92005949ce

    SHA256

    dce035a90568f3fe9dd2ff8ecd52f0170687d09525350e265de1a16881987d81

    SHA512

    03edd6dff76c74b2363abdd78bf5303ac022920ece6c94170e191d9989a161e7da924a98ebcfb57d4528ab0ac91c1652a3539c7abd05ac37d369c795af8b497c

    Download Submit

  • memory/2972-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2972-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download