Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

962326e9cf...0N.exe

windows7-x64

9

962326e9cf...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    962326e9cf6a407fc616275e56657060N.exe

  • Size

    47KB

  • MD5

    962326e9cf6a407fc616275e56657060

  • SHA1

    ae16c487940c810b08aed1fba0f9c038af0de952

  • SHA256

    f1a6f093b57b6e96d5ff815980b26b57498143f72e761a3c324afad9d012d5d0

  • SHA512

    0633a2e6b61fff4a9eda958c5a704f7b449525fb023420abb0381bca83435af7ca44bdbd7ae8a4ed7be5a6a9256cd68d6fbfed92b9511b17f44572d5145d3473

  • SSDEEP

    768:/7BlpQpARFbhNIiJwsJwwnZEQoVeDQoVex:/7ZQpAplJwsJwwnlYl

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3393) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\962326e9cf6a407fc616275e56657060N.exe
    "C:\Users\Admin\AppData\Local\Temp\962326e9cf6a407fc616275e56657060N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize

    48KB

    MD5

    66c00a93a44fd1cf67995492aa5ae573

    SHA1

    104cadc5e9d5f2971022a18f6431c52b3472ddf0

    SHA256

    27b50f0bdc4ea5f9b1274df625bf6d518dccf44312fb37bbefc8a142241341ac

    SHA512

    2e21a6a1dd268199477585418a75a0686b7243a4e7e1b89dcbf866e6379731a1f49a27366d8cda1650a648678ecb9363151f85109640b17868dabbe5b5b7b8ad

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    56KB

    MD5

    f8b44041e468216afc4849592e1d3a98

    SHA1

    4cdccd0c82de36ed2fcba5bcb51dd8eca76ffb1d

    SHA256

    d314f8a9a7cbeacd3437e31fe23ac797e64e38293df84898d0ae1ec194341d35

    SHA512

    45958f09d341412c8c49640956928fadf6cd76cb4eeb18e766239910dccd7e84a1b94811cfb6f73b655e3a62f3da8afacf095f20f19231aaa4703efe8c51523f

    Download Submit

  • memory/2156-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2156-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download