Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 12:23

General

  • Target

    Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe

  • Size

    33KB

  • MD5

    cc7b4696b7ef0df8aa053d4a2b63c496

  • SHA1

    1bc0243d6e758bf3fd693e78ede503952920897d

  • SHA256

    e366dbe0897b08d051991e34f934c977286de901a02d2b5d101c0f95d91f83bc

  • SHA512

    66440ec1432756d7b5bac62384ba8f6ee428b54164d3916d89b5ae1e8d60f86b164f64b54dea15a40dbd0165851a5009b1616829215e68362f7d840d97f04b27

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9pQ9HsQ9H89f:CTW7JJ7Tbgsg0

Malware Config

Signatures

  • Renames multiple (3462) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_cc7b4696b7ef0df8aa053d4a2b63c496.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    33KB

    MD5

    f585ef50fc3b0c4873f3af810d11285f

    SHA1

    870603f5aa91059cf225116b1404874191f82184

    SHA256

    83da6b642645172cb15e76b63ad3ebc967b123a625b9453760c14f1d1a9276ac

    SHA512

    2bb88b4e437e478c8f8b9a25a13c97f1e15725cd7eee474bf1db812ed4d73d9a1a2bf0e9006e02de7f55dca0ffbacf7d2d16172eb47ae2b56073dedfb437bcfa

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    42KB

    MD5

    97ba85294fbbbccc43c7e6ea1c85eec6

    SHA1

    a2ddbb278db40a834113710e2ce8582f8c502612

    SHA256

    6a72056b0526d445ad27a49b16ff07bdede735d2e017adcd25bd72020427bb0e

    SHA512

    6ad5ac73fd3df8151920d7753f0ae8fe3e2d1d3d34be45841c4d8b52ce1c77e8beef63dba30802c62c0d34eea30bf9de41f48a432729f1634c39ac20f182e497

  • memory/2696-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2696-63-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB