Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

34140cb32a...0N.exe

windows7-x64

9

34140cb32a...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    60s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34140cb32a48c91a4fc9f22291c175f0N.exe

  • Size

    25KB

  • MD5

    34140cb32a48c91a4fc9f22291c175f0

  • SHA1

    e9cd04949537ba652d9358f57b02f599ef70db43

  • SHA256

    4208e4ae0ab0a859360c88a4b735c1a46ca83de971a830ecf8f94307dd43c93f

  • SHA512

    217d9e1351db13c8cf8d98c8552eb6f5613ba0d6ecadece2aa790f448554df1c9fe9b2fd28084c2e07aa364f5cb8ed25bddb322dea821e39363dced708387974

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Hx7oDo+:CTW7JJ7Tc

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (1838) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\34140cb32a48c91a4fc9f22291c175f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\34140cb32a48c91a4fc9f22291c175f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp
    Filesize

    25KB

    MD5

    28e6de742a63147c4967d0947ce50386

    SHA1

    40e1b83a8ed2603bcd51294f0c487235ce3b5a93

    SHA256

    d9e4cd080f4feb1147189a93cbb129fce146b7fe92dd9e50c5c75d97695dd8a7

    SHA512

    dc21bd3978bf7d4f648e7c10dc7b0abeba7fe3d3b83191dc3a92866fffcf5e20145cad9627fe6e391ea60aafeddecdca3c80b94d088ce71ed0df6fe735790a93

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    124KB

    MD5

    25ccf35e976fcfac78c308d98465eaeb

    SHA1

    46585636e6efef631204d7e375654c257d6ddad3

    SHA256

    a166cef586ed217dbfc41345f203229f2fd1989e5fbda4b1733dfca5435d5919

    SHA512

    3f9636adf12c510eade48f4a5b00d9551a213f25053da7e3f2e02c755a146cf7b8996bab756eb4de9a122c1b32428ec4e6871c457f66757153b3e139160e0b48

    Download Submit

  • memory/1032-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1032-953-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download