Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

776cbaf1ef...0N.exe

windows7-x64

9

776cbaf1ef...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/09/2024, 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    776cbaf1ef420394866d1d5f592db710N.exe

  • Size

    76KB

  • MD5

    776cbaf1ef420394866d1d5f592db710

  • SHA1

    f63b9350592ba71240bfd30002c6b2e5c7511949

  • SHA256

    9adfa22eb46865688c9ec41f5b2ef2657ce130a65eb925a6ff767ed9f8fcf1e7

  • SHA512

    07aea0d77452e0306f0f1446621f717f91d550f66d7d1fb5500b21accfdd56a0b01bde6ab341ef0aa0906dfcc39e8725db3cf01d2f1204492980717d2848ff6a

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJpBTp:V7Zf/FAxTWoJJ7T4M4TW7JJ7T4Mc

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3165) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\776cbaf1ef420394866d1d5f592db710N.exe
    "C:\Users\Admin\AppData\Local\Temp\776cbaf1ef420394866d1d5f592db710N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp
    Filesize

    76KB

    MD5

    61898e7dfe213a67edce4b728de3d16d

    SHA1

    766964a6e54d17f1110edc89baa8f6c448c2043e

    SHA256

    a56a4364a6ef2354c8c6aaacd49c9fe44281f922fc4dc967c9e9a7a4458cddcd

    SHA512

    bb04be1b5bf9d16b8ae93a6c207ce805246a4b59311c28c6177760c8dbe56817228adff5fb54f73b39fbace627149b73aebdb3692ae9044f7e7f1e7eb418f989

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    85KB

    MD5

    9dbc50097dbee62d8a89c28c980fa0bb

    SHA1

    dfb5ff20fe9316f1f5b37809ba7eb43593139ba9

    SHA256

    4db1e63fb8db7415a89629bd7c9c2df33434cd3f0fb5d44d0c613c8c73bd0c39

    SHA512

    6d7311926b03c69a12fd4c276f68fa938035da3c0d0a8180b71903bfd5db9f1dc8ec437786f2eff3b34e908a92f53a8a225d8641c538404e43df527c06bbfb01

    Download Submit

  • memory/2192-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2192-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download