Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

fe51ca70df...0N.exe

windows7-x64

9

fe51ca70df...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe51ca70dfc0db1f486e9de94a2bb490N.exe

  • Size

    43KB

  • MD5

    fe51ca70dfc0db1f486e9de94a2bb490

  • SHA1

    2f1ad7cba515b2eacbf4cc34cd4a2b8dccee0830

  • SHA256

    d50f1d87c15478c4086ddaea93f2cfb288be2030d0a8c4a1b8a58c8d4acf8820

  • SHA512

    dc874f113fc5f052357bf98d56be4970f58c8bb4f657d4610129407f462acee31674d5a3d37f77b41da2498cff17d1359db42e84867dc428f7636a0633f8f706

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5gSC:W7ZhA7pApM21LOA1LOrtkpt6q

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3223) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe51ca70dfc0db1f486e9de94a2bb490N.exe
    "C:\Users\Admin\AppData\Local\Temp\fe51ca70dfc0db1f486e9de94a2bb490N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp
    Filesize

    44KB

    MD5

    f16c8dd305eed7cf5f4ac1ea01f5a6c6

    SHA1

    60a7fa1bc271dafbe632aeafadadadd41794bf35

    SHA256

    d94ae491df5eba93157c28ba5e5d3de9f8753d27c227b99be654c8e846774192

    SHA512

    21649ca18ac085ae4bd8024114ca03fd920e5a948235362334bf87c2f993737aee8664ebbb1cc81bc03b63fe980bf96b8e024d6c79dec90f8a9b94cb8afff644

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    53KB

    MD5

    ebcbab40b7280b0141a96a38a2009ff7

    SHA1

    053a4393e062329f5b86b83df69275ee53c96009

    SHA256

    f85bd502d2667e98f3939884647691bf6a96f01c8231eaceb6b80b611e59b2e8

    SHA512

    ea89164c72f6c6d300b5a4fc409f3b049e238168558fc5a7fb1fdea40f34efacfd42fe96bbbc1101650b7a73d28a9f1dafecb1d081d7ed145f0b3abae8c53af0

    Download Submit