Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

3a1213132d...0N.exe

windows7-x64

9

3a1213132d...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a1213132ddf537e89dfd42f9647e600N.exe

  • Size

    34KB

  • MD5

    3a1213132ddf537e89dfd42f9647e600

  • SHA1

    d1c545ab6a5c02ecb21ceddcfd731ea70a43bba8

  • SHA256

    b0ccea3ce2f1bc7d79bada89d3585c9c74d03664ad5b1a58dec1399a3059f331

  • SHA512

    4808be8ff3378982b89a692034c4e1e321585634093acf843bd9ce880e9dd4635b8726aad2cc1ff2103d17153eefeba555cf57e02370dd01170e588624915da7

  • SSDEEP

    192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHZaza81:yBs7Br5xjL8AgA71FbhvDGO

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3284) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a1213132ddf537e89dfd42f9647e600N.exe
    "C:\Users\Admin\AppData\Local\Temp\3a1213132ddf537e89dfd42f9647e600N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp
    Filesize

    34KB

    MD5

    1f69d3f320ab6a5a337c7e273813d940

    SHA1

    d218f6b91f569a05f88a2e9b062cf8dee82d1ff0

    SHA256

    8797056d819108b670585b7806d8257088f6b2a925ab6b4886c7cb0e4e9d073f

    SHA512

    a444bce0fa702d21487dd52351dd864369f72434c6ccaa4ffd100c8ac4dd88020e970a00211a80ccf02aa896fa728b3b10582189f27318ea3814c84b1b9d9661

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    43KB

    MD5

    23936d1ad78374255704f767ee97d69b

    SHA1

    de771b33969697d4e62c24124dd0e5cb702c4c33

    SHA256

    2db187eed2351533caf07b1df889e2561491ecfc49b1f51a84a24061b2a905d1

    SHA512

    1d6d9e3766c5726fe6c6b189ce4ff4f0ddca9754f8b85127b8efe93a84e8f85517194496666e89241ac82985f094ed326df38ae4c815db1ebe9c9d8bdfa50e0b

    Download Submit

  • memory/1964-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1964-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download