Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

0636904df7...3d.exe

windows7-x64

9

0636904df7...3d.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0636904df72c7bf2791a242faefed8c0f222eb7fdde554609453e031fb063e3d.exe

  • Size

    47KB

  • MD5

    7ae28b256f03b46c2a4c105e2462bff9

  • SHA1

    cccc20dccecdff5f5c44ad45f958583d5772cc47

  • SHA256

    0636904df72c7bf2791a242faefed8c0f222eb7fdde554609453e031fb063e3d

  • SHA512

    4159e85bd06debf96d75a523080baedba809f7d4df6e74544ea7cec8d027dfc373dc270518e840110936dff8c6713b07fe132edd38d2a3d62c14dedb18445dab

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9dZN/:V7Zf/FAxTWoJJ7TpN/

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3738) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\0636904df72c7bf2791a242faefed8c0f222eb7fdde554609453e031fb063e3d.exe
    "C:\Users\Admin\AppData\Local\Temp\0636904df72c7bf2791a242faefed8c0f222eb7fdde554609453e031fb063e3d.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp
    Filesize

    47KB

    MD5

    bcd762f3a4d7ac77cc9d2806af12aeee

    SHA1

    6c9a87f85ebb7f8d029a658f825b8063595abdec

    SHA256

    eefca1b3805f8094cf8b1db4916627f474ff96c0991b87b04d199dbf9f849092

    SHA512

    d91f986e4a6d59c8b97306993ad31b15dd6c85f48304aca1cef345d7278422ef76c9d41b9668a93d5330534a48df7dd7771daecae472f252c5b04c8c21047bd2

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    56KB

    MD5

    d4fe6fc0513d77c68a490091d423d5d9

    SHA1

    6217685ed183b5cb6bfc70f509fb27830304cf69

    SHA256

    3844ca17a589f7f2b906fc871a9b6fa0bd0b049a78c2640545d93ccec99da427

    SHA512

    7c42cf2ada5273a3f63c7a7b6f38cc7a9610141374d96217a9cec63cef9ae2d99843fc6d907e5027097c2ab98c9c2ca91278fd5bf06c74eb72d68e227b0ea681

    Download Submit

  • memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1720-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download