Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

bb8c4f50e0...0N.exe

windows7-x64

9

bb8c4f50e0...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb8c4f50e02ee18acc4f8c9352bd7490N.exe

  • Size

    70KB

  • MD5

    bb8c4f50e02ee18acc4f8c9352bd7490

  • SHA1

    5bc46faff40da31563e1da4003044cee7f5b5ffd

  • SHA256

    0bbb4752ff2e1f42bc65be3f0b3acc75c280aa39aaa625747b7f18600e66cb7e

  • SHA512

    545a04851ea591dbbad66909548d68e44114599a3529f94c4e6f90d3e269303eea97c0b4f91d852a3040925b80ca24d8034c46d37a63023d0ba033dbd8dca247

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tirZcZja:V7Zf/FAxTWoJJ7TTQoQrZcZja

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4355) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb8c4f50e02ee18acc4f8c9352bd7490N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb8c4f50e02ee18acc4f8c9352bd7490N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp
    Filesize

    71KB

    MD5

    67a4e53c7f6a4da48c21813fb6305cb4

    SHA1

    b69263edf01f96b0554ee0fbae84f8df44734d71

    SHA256

    7e668a7d8df5ea9df5ff97b25c210ad94cce8a5697720f605d07e2c8f845f3b9

    SHA512

    486b338d95ef31c76689bf634326e6a434bd97329ae8a12a85c0447605a7bdd789082e165a2c73a08ce31817c8fb1d42823aeca5f511d6830cfb0ac3c5713404

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    169KB

    MD5

    078280584c3114dbd64b885e89447879

    SHA1

    fca67376ccd04c890bcb746005f9c286ed500507

    SHA256

    484e79553cf004f26567ee8bf9a70a04a07a53c41eb176113643dc3262100026

    SHA512

    754555c497629d25faf800a9fd7ea6c8a876d61c163eade5dd97e6f26e2ee0948df8b3243c1338a28c0f656ddc7ef3f9588065a313e8d2159ad0e12f4626de3e

    Download Submit

  • memory/3652-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3652-804-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download