Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

7e87d16d2a...5N.exe

windows7-x64

9

7e87d16d2a...5N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e87d16d2ada62ae440a380a9e59b27c08437bea03d8c2033956d8ccb0be8315N.exe

  • Size

    39KB

  • MD5

    a1895f575b4f43712f948f3ad30858f0

  • SHA1

    1bd51368bb18698e33b910af4199dd21501d1023

  • SHA256

    7e87d16d2ada62ae440a380a9e59b27c08437bea03d8c2033956d8ccb0be8315

  • SHA512

    12f13138203483fb4a99a232ae61a9d78b2ea45beb57b786e4008d26a91f77861173abc90bd78a1d7f10ec74f123fd3d66ae9981dc24a14836bbf483da5afa24

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9HxUYyTRPTpXYyTRPTpm:CTW7JJ7TbyxFIyxFm

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4694) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e87d16d2ada62ae440a380a9e59b27c08437bea03d8c2033956d8ccb0be8315N.exe
    "C:\Users\Admin\AppData\Local\Temp\7e87d16d2ada62ae440a380a9e59b27c08437bea03d8c2033956d8ccb0be8315N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp
    Filesize

    39KB

    MD5

    5ec282ab790e3d595d5d823a4fac7f5e

    SHA1

    fa91bbc8a72975c18e4a660a574128c2276dfe1d

    SHA256

    787959b453fd2985f9d4b0de0c35a62ddfabfe2fc534766fc9a787cb140f4484

    SHA512

    74ba98a8c08addac46f57f347fb36ac2aba1c36fd50c504f636ed35bd49f4c6c61ae54e2f16a3d429124269253f700e0d7c42e66e6ce21188e00b78c4d30b1e2

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    138KB

    MD5

    dc15766135378ba7b14190e9adb98903

    SHA1

    7485a75e2e4176e768df168975d5270a6840203c

    SHA256

    2d7b5231b8d018a822aca97dc4df1b61edb49f5adf7c1df3c7ee9445951df543

    SHA512

    748357c8d0b38f254a37349e4ae8d49c52d79aceb26db295331272ddb5c12a187ef38cdd212e954e5b036db28b58440845aacc52c3d51955c40625733f590a11

    Download Submit

  • memory/3712-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3712-906-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download