Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

2d1de8150f...0N.exe

windows7-x64

9

2d1de8150f...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    115s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2024, 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d1de8150f819ed739984e56933aae90N.exe

  • Size

    50KB

  • MD5

    2d1de8150f819ed739984e56933aae90

  • SHA1

    bdf91c94d7050128939472ad80eb4c00dfdfc368

  • SHA256

    4585313964ff51f3098f29d1b2dc0b5473114a12b952234b62ce28b2192c21a6

  • SHA512

    ad398527dc20c524695a8d1a798bf34a5364fb0dcfd407d5362d2ffe43ec0c3707f1fc00396cc3a3e5f0f815037211e7e73f345283be75915d0aaafe00da86bd

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLPCsZCsWbabN:W7ZppApBULcfpHLcfpyDEdL

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4385) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d1de8150f819ed739984e56933aae90N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d1de8150f819ed739984e56933aae90N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp
    Filesize

    50KB

    MD5

    cbf84fd2c21e349cd22d8850c0c1fe86

    SHA1

    56f848c17374a62502c3a6c4084f9faeebbd43df

    SHA256

    9f47083a53f8b08589ebe233fb06bc9def184a6beeab21cf5ee6304c4d9eaf47

    SHA512

    f999efd4d81720c9fd6881a2855e423f539853ee762deed98d44a920ae4a193359d460196053d64a5a21a943908caa27c2a0975cc1ed986fd91cf7fee284860f

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    149KB

    MD5

    28bdcd99d9cf103f6dd13b1cf9fb3556

    SHA1

    254c5716f51cd852a9fd5376aa100c5af7d21295

    SHA256

    50620e55237f1a0aec91986dd3d80dcf0e27a26ba922ccca30a7e024e9f9d44b

    SHA512

    5b0c25feb7ffcd8da144d31acc55de90d26cb9cbe5324cea59fa5dcc847d5c26ee0351697b16dfdcbcc08eca22ca802e30d6a60decb0699d512afec839311ddf

    Download Submit