Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    13/09/2024, 09:15

General

  • Target

    dc782c052558ba75cad076cc61d3dbd0N.exe

  • Size

    91KB

  • MD5

    dc782c052558ba75cad076cc61d3dbd0

  • SHA1

    8302262a191ab7fc6f6672ffd82597842cb0b6a4

  • SHA256

    9363248b7e16bcd65e385a5d8641fe2b15e37e6e99c38b55de93298c353abdcf

  • SHA512

    449a88821f7e328bdc413beae1128ee31b59de08e75b605ef56c6bca06a8c270d0cf61a6191e3d1ab019a98925fe12ffc7697dc1979ba1a420abc60d72a9a103

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5NKZDLKZDE:fnyiQSox5WDgDE

Malware Config

Signatures

  • Renames multiple (4355) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc782c052558ba75cad076cc61d3dbd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\dc782c052558ba75cad076cc61d3dbd0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3616

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    91KB

    MD5

    0165de67a9000bdb567a4fdaaf5b3d73

    SHA1

    a6f84b6b9610b335f8c1041f873fb0e1e5469db5

    SHA256

    aed96f97def56d69777b76b5caeffb0e5ec194f25d462ca2224aa4e7e5a30f52

    SHA512

    d2869933ccc83859b6ac39efabd49f1fc0dcf4feaf5bce8724af49300d2ff0d3bd7bee6b8d1b750fe9cd694a8f4cbf69dd0f4767aca06ea80750386fc5f25264

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    190KB

    MD5

    eac70b1145979735f56aecb93cd78a80

    SHA1

    b745079f4fe0139a9379c7e322caba0b248a7d6f

    SHA256

    cbc795de94665191cb2d4f490aed2961fc9ef8128f954ae4dae335b75f33639c

    SHA512

    c13190d11d64af63059d0845956c6960f834f6d2209f9cf1343cfca30312cb9d9af0ba4d688f40451b6cbee1816a286f588008746fc1c6a38568a3c332d5c3f9

  • memory/3616-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3616-808-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB