Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

638375a8ff...0N.exe

windows7-x64

9

638375a8ff...0N.exe

windows10-2004-x64

Analysis

  • max time kernel
    31s
  • max time network
    41s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 21:54

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    638375a8ff9510e3fd1dc67602483dd0N.exe

  • Size

    47KB

  • MD5

    638375a8ff9510e3fd1dc67602483dd0

  • SHA1

    b9ab505af3919bf1cea947acba1362a5332c3a4a

  • SHA256

    9e10b1d3bfaa6f2ba0292a0264f3e6e04c6ec27e3eb8c548a7c2c95343ebfb56

  • SHA512

    4ac77147f10da1739b55db0a19c268ff373b0e424d36e92feaab891ac497842e6b034c69769e94e6fe4fbc72f3c07ac21ad3143d1e7fba60645013a043cfb3ac

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdA:CTWUnMdyGdyqWFx5

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (987) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\638375a8ff9510e3fd1dc67602483dd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\638375a8ff9510e3fd1dc67602483dd0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp
    Filesize

    48KB

    MD5

    809e66e4bcc5083ebefc2d767c8a8d04

    SHA1

    544608ee0fd890d53452d8d3994c850e24d13aed

    SHA256

    481145a6d78339504903d79da2d5f1712cf77c109953b9f44f014ea2664dbc7f

    SHA512

    f61236fda53b0884f987dbaf29b883e74e20c60c616a2434a37e236bc959254bef9b3a223e3b53fd5fcc056e41bd60694799b2031ce24ef3669ad447e14195e1

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    146KB

    MD5

    83a2e11ecff3bd52cee0ce65dbdc6367

    SHA1

    4bafcaa1bfd535f9d92f49a39579201a098c1d87

    SHA256

    60e7f41fa248e21b60c5790b76f2e03968aa7a57d7e75ee598444297ff5854e0

    SHA512

    543f763f436e6d62f4941f1e6d597bf99ffb778ab39c584b371d9b58489b2c7c89c00bdec9d942dd3f6176ed933e5fa6c57cd5119d7ec198613eac7da19274bd

    Download Submit

  • memory/4340-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4340-860-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download