Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/09/2024, 11:10

General

  • Target

    d73828d042040527dad227e2e46e2a00N.exe

  • Size

    83KB

  • MD5

    d73828d042040527dad227e2e46e2a00

  • SHA1

    35eecc104a62545d0b1d572ce0052a1fdb019df2

  • SHA256

    36dcce34ed33fdeb4826a7e57cf9b86f666efc3a4637c13a697b3d79f800ba87

  • SHA512

    07ef749bf4da0cfc160b4bc9d7eb3b130436885b1e12bb0f6cf4f6009b429f8991aae152b427684a54c961d12ecbb3556f9593a92abfea9d4825944431854e82

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZTkb/b8QH:fnyiQSo7Zgr4QH

Malware Config

Signatures

  • Renames multiple (4354) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d73828d042040527dad227e2e46e2a00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d73828d042040527dad227e2e46e2a00N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1504
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
    PID:2556

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

    Filesize
    84KB

    MD5
    47c1e1d8124e6e37cdbdca836c3419ce

    SHA1
    0ea0c02df0977a816beef84e7f0fd054a5641e23

    SHA256
    091a1198dbe69826aa72251962227d46ce4e8b6c8aec7318671da08cd4015342

    SHA512
    a951993b5ac515b6dfa960664864701b8fb0e61ef0e13ad92322d88c740854b8cfc341a589c546ca2e535e8023751664d242128e8d0c03d5618c0a063c930b8f

  • C:\Program Files\7-Zip\7-zip.chm.exe

    Filesize
    196KB

    MD5
    3ab5e08cb5c2da6c0dc7680903fe2eec

    SHA1
    8167fc41001e3dddae39eba5d6eec3de9b14d035

    SHA256
    9ff61a180a650533593492080d0715e4de0a8764ab4945a9f134f0f64cb522c3

    SHA512
    eb20200cd73e23b22b01ce836c4b7fecfc588c3f9beed8d57780e68be719439f298285657295695661c6d6552feba4249dbc6fb11cd2db974826f606c08b23a5

  • memory/1504-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/1504-806-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB