Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/09/2024, 11:10 UTC

General

  • Target

    d73828d042040527dad227e2e46e2a00N.exe

  • Size

    83KB

  • MD5

    d73828d042040527dad227e2e46e2a00

  • SHA1

    35eecc104a62545d0b1d572ce0052a1fdb019df2

  • SHA256

    36dcce34ed33fdeb4826a7e57cf9b86f666efc3a4637c13a697b3d79f800ba87

  • SHA512

    07ef749bf4da0cfc160b4bc9d7eb3b130436885b1e12bb0f6cf4f6009b429f8991aae152b427684a54c961d12ecbb3556f9593a92abfea9d4825944431854e82

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZTkb/b8QH:fnyiQSo7Zgr4QH

Malware Config

Signatures

  • Renames multiple (4354) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d73828d042040527dad227e2e46e2a00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d73828d042040527dad227e2e46e2a00N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1504
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
    1⤵
      PID:2556

    Network

    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      81.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.144.22.2.in-addr.arpa
      IN PTR
      Response
      81.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-81deploystaticakamaitechnologiescom
    No results found
    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      140.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      140.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      142 B
      157 B
      2
      1

      DNS Request

      198.187.3.20.in-addr.arpa

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      81.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      81.144.22.2.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      84KB

      MD5

      47c1e1d8124e6e37cdbdca836c3419ce

      SHA1

      0ea0c02df0977a816beef84e7f0fd054a5641e23

      SHA256

      091a1198dbe69826aa72251962227d46ce4e8b6c8aec7318671da08cd4015342

      SHA512

      a951993b5ac515b6dfa960664864701b8fb0e61ef0e13ad92322d88c740854b8cfc341a589c546ca2e535e8023751664d242128e8d0c03d5618c0a063c930b8f

    • C:\Program Files\7-Zip\7-zip.chm.exe

      Filesize

      196KB

      MD5

      3ab5e08cb5c2da6c0dc7680903fe2eec

      SHA1

      8167fc41001e3dddae39eba5d6eec3de9b14d035

      SHA256

      9ff61a180a650533593492080d0715e4de0a8764ab4945a9f134f0f64cb522c3

      SHA512

      eb20200cd73e23b22b01ce836c4b7fecfc588c3f9beed8d57780e68be719439f298285657295695661c6d6552feba4249dbc6fb11cd2db974826f606c08b23a5

    • memory/1504-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/1504-806-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.