Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

07a301317b...6N.exe

windows7-x64

9

07a301317b...6N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe

  • Size

    26KB

  • MD5

    3b8f64203c4e7c0c2ef16712fb37be70

  • SHA1

    54f6ab0756a22621dfbd14b3eab543a6a6a090a6

  • SHA256

    07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6

  • SHA512

    0a4d92afd89ae5e45cc373f69e33f491eb71283fea42625c1b587d8095bf80e11f5c00308a5ca52e4f50f78988dc9d54e5a805c9f3fd315b8562e3ee1a0ed37b

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9gpw:kBT37CPKKdJJ1EXBwzEXBwdcMcI9gpw

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3765) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe
    "C:\Users\Admin\AppData\Local\Temp\07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp
    Filesize

    26KB

    MD5

    658e8fb84ece46ece53d84186db5e2b0

    SHA1

    a0479bbf469daef17084bfcd0b4deea0110bf800

    SHA256

    54487f145041b7c2de4aa80c59e5cf2634b064e187395a3ce3bf6c17f244a05d

    SHA512

    f70175f29beebc5d750d98c896b4791d3da11757c00c42dd0b1a9417be2582daf63f5732440d05bd6f0c2b3e737d9968684e66ccbc8bed2b12c3f8d1497db980

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    35KB

    MD5

    eb9bc716681d9322d0662da07c2fdf93

    SHA1

    39c335b8ad00034339a7749c2aecd7b8ee077358

    SHA256

    4026c75fd9f98c70af9665206dabe0f42e268d4a797ef900b29145369c1d67d8

    SHA512

    4c92a3b8a79d3ad49003eae94992d08295367c1f49f7f4f1330db7d35d9ab0ee6976c4508f0570354ab9a24af6366c64571762773e6119dcc394f474c9de635c

    Download Submit

  • memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2240-71-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download