Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

bdc647a8e1...0N.exe

windows7-x64

9

bdc647a8e1...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03/09/2024, 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdc647a8e11cba7996472b243b9bf990N.exe

  • Size

    78KB

  • MD5

    bdc647a8e11cba7996472b243b9bf990

  • SHA1

    c081f008467539cb9c1f75aea13fdf11b827e506

  • SHA256

    77da85a52831041ecd6b8f6b19f47a8b354e6944bfa6a1b1baeb94b212371dc9

  • SHA512

    34e03ff6e365e31ca798ddac78939d1a82a5aede720b1f47898fee799b08cb0fffe118b9209553fce19b447ee931e511c1f8d91f9ce3c7a6f158f3af5f9da754

  • SSDEEP

    1536:W7ZhA7pApMNcH6gW4Wvs9s2cic8GhGvnQw2w+5vC5v8:6e7WpMNcK9vG1W3w2w62E

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (331) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdc647a8e11cba7996472b243b9bf990N.exe
    "C:\Users\Admin\AppData\Local\Temp\bdc647a8e11cba7996472b243b9bf990N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    78KB

    MD5

    1fa88a4415a86f52d5ae29402b06b9dd

    SHA1

    3bb76942f57bbbbd7cd83107cdb5a5ef6d8e97b2

    SHA256

    19089e8a92a19ad8205a02a4294bcad7be946d90a45e88d9085e1fb546286a97

    SHA512

    791e0d01e827a0e5ba611062ebca3515793ad231387cf365b205bdd6fa3d80198fc9fd3047ff5860205db315e4cc8a95b6e6ba1e6f26172b349e171b5e328e09

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    87KB

    MD5

    abaa9bdd27bc7fd9fcc809acb356fa88

    SHA1

    75c0f610b5ba0f20977d5b71dc82488ad9bac1d4

    SHA256

    cbdfeef880b7d3fb436a71c54130c764333b01887b99b178317138b74b88dd55

    SHA512

    f409d4a9ee0ecbc0b6564ce392b0d6b9cb6e31dec2ccbaa31dd966fffb4afb91c54fe7ad0bb1c7707b4dffeb4c1c2f5ed767e01bbe85c41d5d6887f33ff04573

    Download Submit