Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

6758e76596...0N.exe

windows7-x64

9

6758e76596...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/09/2024, 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6758e76596919ceb8095ef0ba2e6f920N.exe

  • Size

    49KB

  • MD5

    6758e76596919ceb8095ef0ba2e6f920

  • SHA1

    77e635e5132369856ceba5a7db7fee6064ba1c55

  • SHA256

    944527adff4615aca8029f281db119e7e09ebea139987f844cdf0ecbb02c0fb0

  • SHA512

    b0b8594d67b3b4f85b0d31c2ed1bd5036581c34deed1d2f9f3506bc6d81e9b80d0cac09fe835b91e54dfbe546fc4b45246ebcb564368f77bb0486120b04ead14

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9bJSsJSPGUGX:V7Zf/FAxTWoJJ7TFJSsJSM

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4658) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\6758e76596919ceb8095ef0ba2e6f920N.exe
    "C:\Users\Admin\AppData\Local\Temp\6758e76596919ceb8095ef0ba2e6f920N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp
    Filesize

    49KB

    MD5

    e7cece7a7e17c6f7b542dddabd9437ee

    SHA1

    22e5f644ddad516e81a27cce0b2409466c4e2ba7

    SHA256

    a966dfde34528b8eb739983962661f33534d7fc8de273b7fb9817f88e360ced9

    SHA512

    5d8ee1c401160415ba2368c2f1e946aef1d9cf6cf1f18e402aa4650cbe4912e3c4b964bf78b8ed8a765d03ebd657bafd0dc507d0818f0234e399497098945b58

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    148KB

    MD5

    d48907ee818964dc3d5ed1499a4a7533

    SHA1

    d0670883b41f53aeb76e6488feb36622f951dc49

    SHA256

    044340427fe9d6bf5bd9293ec4ab960b372e13a7369ce98f32134a5d0bebe0a0

    SHA512

    5d95ec670569576e6d802148cecd10f536eef42fca9339b69bb68b7552393d5a9e00a827638b865d077763576fad609abc1ac13ed5dde839b18e7b60e0454280

    Download Submit

  • memory/5112-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/5112-922-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download