Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

c5862f4ffc...9N.exe

windows7-x64

9

c5862f4ffc...9N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5862f4ffcc040eefbdabf853c69d1d69194b0743b2bc8c67c2989aaf484e829N.exe

  • Size

    31KB

  • MD5

    cc8c2611c4a3e2b5fe1095fddfe9d210

  • SHA1

    aa8d852dc1d21afe352061658be483063ca0663f

  • SHA256

    c5862f4ffcc040eefbdabf853c69d1d69194b0743b2bc8c67c2989aaf484e829

  • SHA512

    0df5303756034ef6cc119aa501062317ebb609424bdb8317d90c6e5bf2bc695334dae3125b611244c11c379401173ec3de8b68e37c13b86f99fe21bd8c5195f3

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI982AZJE2AZJ/m6lj3Ai1xQ6lj3Ai1xT:CTW7JJ7Te6lbE6lbP

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3386) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5862f4ffcc040eefbdabf853c69d1d69194b0743b2bc8c67c2989aaf484e829N.exe
    "C:\Users\Admin\AppData\Local\Temp\c5862f4ffcc040eefbdabf853c69d1d69194b0743b2bc8c67c2989aaf484e829N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize

    32KB

    MD5

    98f0e0d1e9a55afa8cf84f92e791125b

    SHA1

    e2a6f1b64850b62a44853b05c8886dd64d18e2e6

    SHA256

    6bd58804d126687a5f392cef59cc479261fef9ebdf8c6ce02d69f0d4c8c36741

    SHA512

    bb1feeeb0923270e318d4bb8630096a1a1c34c555e460a0443afb594584239522a51a057fa54cb1070187308c2eaa9bacb17c672de65def8876bab1ee4c69c5b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    40KB

    MD5

    b099e51fc444d1a43146d8f940933268

    SHA1

    a2a89378a372b735bb3b64e65898c8fef628827a

    SHA256

    c5427719633909fb9b128d01fdc3bd6865136ddd9f72bd08a0e9c47cdaf551ab

    SHA512

    d5fd5cd3d513b31d6f456f64ce7bfc5ee329ff01d37bd3417532b62054cae23de87975d53084c4beeeb33714b541d14abd6ca2e92a7562241b74861cc9efacc1

    Download Submit

  • memory/2532-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2532-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download