Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

e1c4659bce...45.exe

windows7-x64

9

e1c4659bce...45.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1c4659bceb8ae2321a76c14abca4109e5581b41bf5d30c01ee81d9ef89c6c45.exe

  • Size

    62KB

  • MD5

    5f9a0b56c867d6d824cd89d5c52dd91b

  • SHA1

    95c056413bd056db634beb3a1e3e1861d231550f

  • SHA256

    e1c4659bceb8ae2321a76c14abca4109e5581b41bf5d30c01ee81d9ef89c6c45

  • SHA512

    d6dd225dd463ec5dd592380db33aae0077cccbd705a4397a013ec5a15b3c3321d37a9aeaf2084271fb761379f223f807cde914e13ccc7f8ca32f3ddf3c795084

  • SSDEEP

    768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeU:W7ZhA7dAvGpG8nz4t4t

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3747) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1c4659bceb8ae2321a76c14abca4109e5581b41bf5d30c01ee81d9ef89c6c45.exe
    "C:\Users\Admin\AppData\Local\Temp\e1c4659bceb8ae2321a76c14abca4109e5581b41bf5d30c01ee81d9ef89c6c45.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize

    62KB

    MD5

    00712ea3ca232dd8963f1768626fa53c

    SHA1

    e4d7ddf907b5fa0d37a0b455a1328737bcdc9aba

    SHA256

    d2bc57995ebcd3737a26dd4046bf4c95fa00b39e8876078235599ee665076539

    SHA512

    2235a70b9ab89ffc9b20cc898a7818e954abf575f7dc1470a8e37a3c8d859abd70e611d966f61348ff8f48882fd446165f3cc9acf4c4062c0c6a91539115ce8e

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    71KB

    MD5

    29b4e4e585290d77d2866f79659acc6f

    SHA1

    a484d2fdc5ad52a98b069dc255eb3b5fb86ee076

    SHA256

    e8bc6a892b325af441d034a5be2e90b059d1d557b21efe654150caf97cd17506

    SHA512

    ad00bce430a75eb04d53cfa40a12ec3c3d5cdfa5df848dd1f165015c1fe9267a8829367a488c4b5230176b72c668be61513fc1dc1518f220b3728f8eb2edd37a

    Download Submit