Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

51e4fa3e32...0N.exe

windows7-x64

9

51e4fa3e32...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/09/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51e4fa3e32319f3a35792371dce2f7e0N.exe

  • Size

    31KB

  • MD5

    51e4fa3e32319f3a35792371dce2f7e0

  • SHA1

    60176a0872ac3456dc7fa3ffe97d31a7461051d9

  • SHA256

    17afa77ef2042e4c871474a747f98abde9c40ba62df8e31beb274ddde3851bc8

  • SHA512

    0e2012025da0ea1d802ceb03cd1bdc0c44bc4a6cd5c77b2322755ccf30ef28d21418c4710d4409650b42636d03fe37092c8e5ebcd2b720f7d8f02a68bb2010e9

  • SSDEEP

    768:kBT37CPKKdJJBZBZaOAOIB3jM2jMO/7OSEz0z0:CTW7JJB7LD2I2IbSY

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (428) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\51e4fa3e32319f3a35792371dce2f7e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51e4fa3e32319f3a35792371dce2f7e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    32KB

    MD5

    d4ca2d0a4d4837aafb6ca6431e5a19b7

    SHA1

    893a44afce8f0f21a3f128f7b6ac83584f478520

    SHA256

    ec99372e2d88649992500fb05f0843df6f0b9fe33e8c115a4ad5ae6482911b57

    SHA512

    dd0443586177318c2e93096f09221e15ebecc8b0cfb9c4cf49dabc58703e473152e7bbb59b118f65617ff2d6f7ed70022aec53bfa5959a45a92f0bf0ca19023c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    41KB

    MD5

    b716e47108d63dd474f2aea3b88f1efc

    SHA1

    6e437eae8e42fd673d7960644fbc82a193a28eae

    SHA256

    992041333486ffd155c33f2a40905e62ace195af126fc7e2464738ee736f47f3

    SHA512

    136af23344bf3b437b287b131b71c890b890b998b9e4bb06609a9213cc4357defefb1ba66ccf30c2fb1734343688d07dd662c3425e3ec1c14cfeae6005748338

    Download Submit

  • memory/904-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/904-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download