Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

6517123ec5...b9.exe

windows7-x64

9

6517123ec5...b9.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2024, 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe

  • Size

    106KB

  • MD5

    751c50b61df27930858583bd37e61138

  • SHA1

    dc45ecc13fbd5c24181fe9ff9eca8c4e5a5e5d9f

  • SHA256

    6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9

  • SHA512

    66abf34d6c732c8b0bbfdcc014aa0d01b11dfaa3306db42975cd9a06102dea78af9f67df5153210eb9435ef8af04406e8eaafe040ee9b8fdf7366125f552cad7

  • SSDEEP

    3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFpsJOfFpsJ6Xu:RqKvb0CYJ973e+eKZc

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4842) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
    "C:\Users\Admin\AppData\Local\Temp\6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp
    Filesize

    107KB

    MD5

    9df2f9a074cc75df1d300f5f6532fc6c

    SHA1

    4f5e450ca53d70cd3741af6498efbf879821d38a

    SHA256

    fc5f945dd4925ce6c5741c0a7ce0185bf6069e053ee663d42bc144ba7ec1d6fb

    SHA512

    a9c8648a318b7ccd4ad84e9330e0720ef19e229e2be5c2d9e03174fbdae807ccb4e60ef1e9ccc722d6b6374ed340f9f1aaa0d917285b9d6ce691b526a722f4b5

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    205KB

    MD5

    36e3715db925c102885ad10299bcbc73

    SHA1

    27785dcccc7f75fa60d64a92461c7968989cacbc

    SHA256

    a3be1c4f295daef9b52e360f4768f9eb01db2f0d12ed435f60a0bc9d5e2e0084

    SHA512

    fc95ef782725cf7c4ef96a93ab4df55e658ec2cb2f3ebd86fb0774e14fc5279e0e19d6893b593811494180863d6ae2d3adeba9b8c86e473304d207d7432f7712

    Download Submit