Analysis

  • max time kernel
    120s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/09/2024, 14:16

General

  • Target

    2e142fde4f945624ca878e1775e8d3e0N.exe

  • Size

    58KB

  • MD5

    2e142fde4f945624ca878e1775e8d3e0

  • SHA1

    bb8b9ba8528943b6670153bcaa4fdee6233d3a4c

  • SHA256

    29b86bc66d72f809499ff440b885a151f1f493fb30303785dca544a7ee44a043

  • SHA512

    d5034cd3fa786149f090373efd54bda5c50c40c1a839d88167f50a9ae6fff23e42cc91718e6549740ac5e7f48b22f8d5c33f115044fa5c74e04bc0d205f1e653

  • SSDEEP

    768:a7BlpyqaFAK65euBT37CPKKDm7EJJcbQbf1Oti1JGBQOOiQJhATBApwp133Eskmd:a7ZyqaFAxTWbJJZENTBAOIfmKJfmKSJ

Malware Config

Signatures

  • Renames multiple (4626) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e142fde4f945624ca878e1775e8d3e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e142fde4f945624ca878e1775e8d3e0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    58KB

    MD5

    3dafa9b9b4e1ee28c809826bcd2cb9e4

    SHA1

    a0a732b3027e4e9065bab2bcbe8046eaffcfbc0e

    SHA256

    29c0f4f47d8d407ee0ad551c270384f0c9759269e05293956e12afd3841872e6

    SHA512

    71a2268f95ba7b6efde0b9130c85800b8ab308fe1629f84b704b56813dba4a85b85526cc62d09c340ce325d2e2f9779d5a1abf7688d4b1ae8caf015c0610fc7e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    157KB

    MD5

    09a3c743f486b572a51a00cc32a48746

    SHA1

    e90895d84c840990f7e3819aa2144869f517e887

    SHA256

    48d20852cd6779ca56e715b02f4403a3a5d4bd35192e7e757966471524bb265d

    SHA512

    4bf89f827027a1a174536a334c4b152a3f751ffc6dc962929046b1750fa3b1cfecd97408410e5515eea41c89ac8be707e2e33105ca575532c2789a2b1bac2a61

  • memory/2024-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2024-906-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB