Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

26f980916d...0N.exe

windows7-x64

9

26f980916d...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26f980916d03de59b423a9d72b1d84b0N.exe

  • Size

    43KB

  • MD5

    26f980916d03de59b423a9d72b1d84b0

  • SHA1

    2bd702105b555d6b5eb2da86d882a58d7c37d785

  • SHA256

    c195da50a0bdb8aeaed49105337a7c765f908c2109bf0e1124ec45d5bc193f8c

  • SHA512

    6c4d3a7f9fddd9de3d0e3f82dd6888939609b05aa649921ea348cc738e8271d819340a49d01a955928c9438b3072d60d2da5e98ff5410f11d70104014055d188

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBaMYtw2Yw2ASfgWgA:CTW7JJZENTBTYxS3

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3339) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\26f980916d03de59b423a9d72b1d84b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\26f980916d03de59b423a9d72b1d84b0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp
    Filesize

    43KB

    MD5

    9597e65b697c9552cf83ef5102268fd8

    SHA1

    40d9b65b00ef06de8aa02e721fab2cfce3bb1ac1

    SHA256

    daca8bdc6e23a085e3d1d5188fc0fcb5c5398b9b02dbae67d5d10a0d93da5dd7

    SHA512

    6e820d93043aeecd5e7b8cb4d12c513c595fc1f72741be24d86909133cf41a9e05033887791f135a0bb17c3ea3c64712389147d08ca2d8a59c9caa4ebb30ecc5

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    52KB

    MD5

    09b3901aaf15eccbfaab0b29592e67da

    SHA1

    755bcbd4c2fcbbdd8649f7d5351f4b6e9993aae9

    SHA256

    8b44d205cd88919b72057ab3aed76537004380d9d9814ab725786cbb1f654fcd

    SHA512

    ded1cf412b371beb884c0f21c9df3512c03758dc872250c09b835ef4969c82e90f07c8cc43b68116575e78e8f9dea59cc84b17bd9f75829e36eb3e9c2b5297cb

    Download Submit

  • memory/2612-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2612-74-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download