Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 21:48

General

  • Target

    73d2ea55c0b9ea76563e4c6033600800N.exe

  • Size

    59KB

  • MD5

    73d2ea55c0b9ea76563e4c6033600800

  • SHA1

    5058e9c40ac64b3de859380688dd5442674b4832

  • SHA256

    0c71a663a0a88406c19b46ffe119f1a539c71599c467caba1e951554485f8514

  • SHA512

    f0578505e13f7f46cb01438bff68043cb33360695684a0eab2dd9713a3eec377ebd55cc164c560ca9f33eb84d0297042455d95325e8173a8c75a51ca46dd702f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Ti9Ei9+z/:V7Zf/FAxTWoJJ7TV7R

Malware Config

Signatures

  • Renames multiple (3336) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\73d2ea55c0b9ea76563e4c6033600800N.exe
    "C:\Users\Admin\AppData\Local\Temp\73d2ea55c0b9ea76563e4c6033600800N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    aeadcf9296da060d7680132f0207d8fa

    SHA1

    36c51131ee5011efa2f5431bc434efc47bf73179

    SHA256

    3e767c98d0b9c38e7ff9388e7085f4af979eeebe14e79ec789063d63f7f5fc2e

    SHA512

    90b900f30ed7c73f87874438700e9793fa29d468b559843e267de10e4bdf145402bdd4e613903bb2ffdde162f23353b4ca5fc0d2eb37811ebb88467bd71de1c9

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    7ede4a1aa00b40a5bf1a724cadf2141f

    SHA1

    7ec33434a4bb7f5bd56eefe7f10b0291336c10ec

    SHA256

    b7ccde696ff3b7d6009ddff72e23db5adee089e52b0d28bb32c6f6dcccaaeb5c

    SHA512

    e41e9139bd673bed2369a48f4a69dd52daf764c545f0ff6347b176b67585dc77fbd7e7f41368aa66c483061665d48983567e6d514f3b2cac4c2f124b4713ca0f

  • memory/400-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/400-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB