Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

434cdf9947...0N.exe

windows7-x64

9

434cdf9947...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    434cdf99477df6e9efc4a9afe67ac8c0N.exe

  • Size

    38KB

  • MD5

    434cdf99477df6e9efc4a9afe67ac8c0

  • SHA1

    0ef7c91c3acb540a7d2a3339a0e550ac147679ab

  • SHA256

    0b676ac46a06d6338569a4b4d14d2b4c8ee749f6a9404d005a1039e67c493dba

  • SHA512

    f0fcb648878e9281542a7d247d748c15fd0b8f0881ab4c0ae622e7a1af39524896bf5220c7f78729f556eea240bf17e7305254b45ea3ce21df36895ceb1254e7

  • SSDEEP

    768:kBT37CPKKdJJTU3U2lRtJfOLP7PNcAPJacAPJP:CTW7JJTU3UytJfOL7m

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3345) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\434cdf99477df6e9efc4a9afe67ac8c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\434cdf99477df6e9efc4a9afe67ac8c0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp
    Filesize

    39KB

    MD5

    25ef6ceb3d2e9a211edef54b8bb3e1da

    SHA1

    56acff92f7a087adfd794057947204bb26be1f39

    SHA256

    67aef6897193da18bf43f77cac73d0659a35bf08cfb5329bdd5d5c0e27f7bb48

    SHA512

    02814d25f158339486e53ec3f0af2f74a525fed27b797453ac7d3fda5e4255ac626f7e5c56fa22ddc0f51b3f640dc288a4d4113aacd9ac9ba6b8aff3c7a5033e

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    48KB

    MD5

    63d5a16e41cabf57c6ed13e1edae0122

    SHA1

    07bd86914b78cb7d9785f0aada7d6dd092561fe7

    SHA256

    a35932accfc06d7a558f1a56122c6378950853996655b8ff122721c1b21b3810

    SHA512

    8050d1fcda4061bec4cf55dfeada2a8764e0ea6d3bdabbdf4ed4c60d0b2a1e8c5325e8a9b67650d31fd5f23b7c7981da2b805e1a8395529c7823b45a6735b8ac

    Download Submit

  • memory/2692-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2692-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download