Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2024, 17:59

General

  • Target

    8fc3ca9959579db14810ac7e86363c80N.exe

  • Size

    57KB

  • MD5

    8fc3ca9959579db14810ac7e86363c80

  • SHA1

    51280d6796f9c4d3f9bc5d1e863cec5711fbee4a

  • SHA256

    d30c6c04e31930e3c66c06a09ebed7c1a17d1938131a5a115bd55f421ab13559

  • SHA512

    57b0d489d7cbbfd4b05cf69eff0109dae0debaa5a8e773b4326ad27d0779373cf1e38ca990af6e0aceb109c998b55f271c81beeb8355841c5faf4dc327516712

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBaMYN353e353i:V7Zf/FAxTWoJJZENTBTY5

Malware Config

Signatures

  • Renames multiple (4361) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fc3ca9959579db14810ac7e86363c80N.exe
    "C:\Users\Admin\AppData\Local\Temp\8fc3ca9959579db14810ac7e86363c80N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4396,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
    1⤵
      PID:3360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      57KB

      MD5

      2c3c40fa4d47e5fd6321c0de8b397c97

      SHA1

      13b1c6cc394328be452998ef2d65929fdcac9043

      SHA256

      8ebc032e9557a5e6de8d78141ccbd6b5b08676f556739b4ecd58c1cec75deb03

      SHA512

      3a7f74b29b0d7ce66dbad7232e597924ac5386f3cce1bc541c073be2179dfc9dca886c989d1a9d617d686575462f8decf2b33777a6340e7ddda099f336bffb18

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      170KB

      MD5

      1b1c1eb64dd901c2597cd3c2bc9a447e

      SHA1

      f780cb88058e15c6ea0dad84225e739e2f0a95d6

      SHA256

      e9d564d561ec1ea289330ef890263f919e797716580b372d1041674aa2af3cbf

      SHA512

      164747a273818e90a3e21b2475934c628314ef569fa228f6009307948759f800e0ffe80fe0a6fbb0381c0eade2f5cbc88c600158c6f934b428a6104453bec97f

    • memory/4416-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/4416-856-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB