Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

946cbd4692...0N.exe

windows7-x64

9

946cbd4692...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2024, 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    946cbd469246c88e78e77c41fdbdc780N.exe

  • Size

    53KB

  • MD5

    946cbd469246c88e78e77c41fdbdc780

  • SHA1

    1f2c1be2117a211ac11e86f123f870486d47d65e

  • SHA256

    d7ca6d9d530150fe3a3f645713892515adaaaf74380beaad9afa504130325df5

  • SHA512

    2c0437f018478b1b6c65f14bc71fb3ae68d1a21432047d354f17ec9a9224f96e2b84ddb8165e575168c83d2953e82844188600018c349d54c9092c30e2bb2693

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdD:CTWUnMdyGdyoIOIZgv

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3264) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\946cbd469246c88e78e77c41fdbdc780N.exe
    "C:\Users\Admin\AppData\Local\Temp\946cbd469246c88e78e77c41fdbdc780N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
    Filesize

    53KB

    MD5

    e6e6b5a1a21ca1e45ff3a68bb91c8e2c

    SHA1

    7bf17dd1b4451960d9639323fb6c872da14563ef

    SHA256

    2a28401356e63068cc5053f106e69a3a962146e3d9aec8f2da32c6834ee469ae

    SHA512

    55792981f0a458ce65d8e40dba87191685b98e835ab72d499498eeb5da24e32ba5a783b8fa3db8ac47f2b4065a0a846cd6d341636b170ed10134f5bef86931f2

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    62KB

    MD5

    c04f9f4901f5b77866f8aa9515ac9e99

    SHA1

    309c3f00dd17bc06ff4bd765a55a0964cba58fd6

    SHA256

    1049a62a717070f1fa66f900454f6a3bfd7708dc9fdf8632afbf24dcae6007ac

    SHA512

    70e0c9596d1ec37375d7bc4924c2a705bf72247fd927248d53d6ef71b14400cf4e467890188279089176388af7c8576cb5b5100c955093719d77ce168098578d

    Download Submit

  • memory/2516-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2516-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download