Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 06:14

General

  • Target

    e58e52eb424c20f49307c6912d1cea60N.exe

  • Size

    238KB

  • MD5

    e58e52eb424c20f49307c6912d1cea60

  • SHA1

    0e10fa6b548e589fcb45ddb3afc18737d342e345

  • SHA256

    833c31e58b459058b6f5aa0588454a2c28854242aa9a5f45d287a4a9cd990ee7

  • SHA512

    74656e5d742caf7891b5c7703d27ad713d3de123143ce3432ce5e631ccd7dd3cd0225b5c6515d8c9b8448a9bdfc15f4cb432771e2ab02c0121da5e91062c8e6f

  • SSDEEP

    768:W7BlphA7pARFbhKKVeIuKVeIBt+OKObYhnKhnZS+2w4Vqx0VqxzFtF2TZpe:W7ZhA7pApBt+OKOsZKZZSjw4Vc0Vcye

Score
9/10

Malware Config

Signatures

  • Renames multiple (3823) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e58e52eb424c20f49307c6912d1cea60N.exe
    "C:\Users\Admin\AppData\Local\Temp\e58e52eb424c20f49307c6912d1cea60N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5368
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3820,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
    1⤵
      PID:5872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      239KB

      MD5

      2722d985271f157f0f227cde98017fe1

      SHA1

      39d5b3addefdb40dad41da1b0b2cbac22888f3e9

      SHA256

      559bda102d5de5b57bca85acd557cc2324a3a7c3c19dd0698c9af200c3718336

      SHA512

      ec60fc34c1f065fef1dd2552d5c85e8acf1e48f5d50a111e34d5bbe1ea0cf26882dd4dcd284cc5d97f6fab6e51a0defeea8d5a5a8b257f3e85e1de0a21eccd5a

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      351KB

      MD5

      d66ea2b2b5ce3787cb3f95da46ae8264

      SHA1

      32f370abe3532fdd4072d28f56c840f62e10e83c

      SHA256

      6c2b4c95b9e70b2b1da1d7e8d827420a4f7c8a82616486e2546f0561e9b17a8b

      SHA512

      bc9053b20a9db18e03831181adb8c39442d46ebff44d5fe01c7b937dc5c577f3e2328cffb1f9eb3f3f75b5e9d454673dc82b508557d3f6ff8c36bd5e1dc11a4f