Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/09/2024, 03:39 UTC

General

  • Target

    82809629a5de9001142d9c9b6d088ab0N.exe

  • Size

    61KB

  • MD5

    82809629a5de9001142d9c9b6d088ab0

  • SHA1

    9340b7822b356471c2be97969c2b1d2e0e09ca6d

  • SHA256

    d57e2fa3af2fb7c01cdcdae3f8e549514785c3a368473dc0ba2d04c26cb09b4d

  • SHA512

    6a406c3a4b8174d779f074e0f07590a6aff1e7196548a4a2e700341e1d27119660f56b115c9293d075268cf5d6b01ed763e7fb27948ed808be948a3db633dd2b

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIl:CTWn1++PJHJXA/OsIZfzc3/Q8IZTT

Malware Config

Signatures

  • Renames multiple (4660) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\82809629a5de9001142d9c9b6d088ab0N.exe
    "C:\Users\Admin\AppData\Local\Temp\82809629a5de9001142d9c9b6d088ab0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:432

Network

  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    83e877ad351e38d0dbe29ebdc897ce85

    SHA1

    b96106d9fac69538cfcb5f2b80fc954ed814e4fa

    SHA256

    7a7bc1c8439f1b5b3d8a2d85875c8a42f5bfc8a9e0e7de0fc66c0767acfb5ad8

    SHA512

    e8c67fff0a7ac1a6894f74646817d2eb1f64715b616ad6c8fa2fa804ad783e720fd298ad145be993cc7a2fd94edede758038ac5a3adb2dde3a253a016348a33b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    aad1afa47ceb5ecd5836ec15b508b6ce

    SHA1

    6d5a0acd0e71efe3e8dec3aecd1e3750e032576a

    SHA256

    fa4965a8f3e55f961fc758faa8b99b91d9743908c6b9737c71f4dcbd80064426

    SHA512

    7889e2f7f60a77239876553c00414d5f361db0fc40c96b9293b87451d3943f2d93843e76eaebe5774e9e249cb2b00dec8aa24529750447858c549417e7549f58

  • memory/432-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/432-931-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.