Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

bb8c4f50e0...0N.exe

windows7-x64

9

bb8c4f50e0...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb8c4f50e02ee18acc4f8c9352bd7490N.exe

  • Size

    70KB

  • MD5

    bb8c4f50e02ee18acc4f8c9352bd7490

  • SHA1

    5bc46faff40da31563e1da4003044cee7f5b5ffd

  • SHA256

    0bbb4752ff2e1f42bc65be3f0b3acc75c280aa39aaa625747b7f18600e66cb7e

  • SHA512

    545a04851ea591dbbad66909548d68e44114599a3529f94c4e6f90d3e269303eea97c0b4f91d852a3040925b80ca24d8034c46d37a63023d0ba033dbd8dca247

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tirZcZja:V7Zf/FAxTWoJJ7TTQoQrZcZja

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3158) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb8c4f50e02ee18acc4f8c9352bd7490N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb8c4f50e02ee18acc4f8c9352bd7490N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
    Filesize

    71KB

    MD5

    41acc93d97ec41123b1de4f91a9f7db6

    SHA1

    66056e26b9f7137fc3d428293ecdcf051a64c6e0

    SHA256

    c7e24b088b5f9b62f52059d46d9b20eeff36055bce56c9d9787733a0a2e09705

    SHA512

    ac80102df4b108055180ae2a09d990f17f60be8dc0a72ce14c49dd1a5136ea34d4d922202cbaf8826a41fb58a7b266840eeecd509710ab782e9cd98f32ba8f6d

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    79KB

    MD5

    b581a8cd166025332e2f5eecaa0ff4c4

    SHA1

    b8788613e7499e3d1c18e36ee01c87834a5c2ea0

    SHA256

    8ea71abfcac02e332fa311455332f5857eebbcb4eef0a16c599fd1f6f86fa9ed

    SHA512

    53801a308a211660e939f9cc736040a6c8cfbaddee5aa5c95cbbe1f79f815af3adc0e6dd724da92fb3018c778d3c4f45fa44cf977ddee6033255b9f288a2884c

    Download Submit

  • memory/2532-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2532-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download