Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 02:03

General

  • Target

    ba8616ef79ae7933b7e3c6aa41215546e901f1309efe4640336c8c6a6819c8d3.exe

  • Size

    31KB

  • MD5

    414bff82428a1bc05cb63812fa1a6094

  • SHA1

    cac9595ae2ff76aba344485cc2fa4c5ddba8ca2a

  • SHA256

    ba8616ef79ae7933b7e3c6aa41215546e901f1309efe4640336c8c6a6819c8d3

  • SHA512

    2aaf360999749b8946870282992679dca78f2701b23c0fc737dbd947fd24bc00d7292223b83f280a2988c2d894b8f50d63acf5d3059dc4644ce946af78037490

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+91ldUjq:kBT37CPKKdJJ1EXBwzEXBwdcMcI9P8i

Malware Config

Signatures

  • Renames multiple (3767) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba8616ef79ae7933b7e3c6aa41215546e901f1309efe4640336c8c6a6819c8d3.exe
    "C:\Users\Admin\AppData\Local\Temp\ba8616ef79ae7933b7e3c6aa41215546e901f1309efe4640336c8c6a6819c8d3.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2368

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    31KB

    MD5

    adaba7e66455bca660b7d648655e35e2

    SHA1

    6c8a3d5fe1b0156196ac19ee3ec3017d7bdaf85d

    SHA256

    8d37e552bf02e59c1acbbc7040a0c5f7e27a5a0589838f348400f1bd620830e4

    SHA512

    dad3401f9d8d14c1bd36e82ed327a87762dacc8af336a6b113ada986c729eaa95e107fee69b0008dc0bf140fdf1550cb0bcaa5e740c13748664eb0eb376307dd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    40KB

    MD5

    3d6cb5d5418629f098e92f4372e46cb7

    SHA1

    d3f8f4658b5b7e96c4260ec666d9813342ad091f

    SHA256

    b898a8b91c1fe228395d760766a738de810f00a60c6606a7669d01b424b75402

    SHA512

    d770acab7c7b52885a699e6eb91971cb2a8085df787a6a0c2f94b9c6f9aaa105868d2d78d2ff64ef44afde55c89992388968f4e60ca0c12fdf7f530e24cee5d9

  • memory/2368-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2368-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB