Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

e91f530826...4N.exe

windows7-x64

9

e91f530826...4N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e91f53082660da21129571ddbecd253f41facfe51709cb74b2b6b85d604caf54N.exe

  • Size

    185KB

  • MD5

    1763d9ba13123161b1d70f464a0bf330

  • SHA1

    0bf3931bd51f80db15d2be19801296e84d3d0e3d

  • SHA256

    e91f53082660da21129571ddbecd253f41facfe51709cb74b2b6b85d604caf54

  • SHA512

    5311d1bd255c97418310037c4684463d54042e4d9a95dc087608ac6ae0cd327e6bac77d559fa44e4cea0f85576112fb534991a6ba2fe63f66d9eb6b862727ba8

  • SSDEEP

    3072:fny1tEuQ1RCCZHrIZG1SKJqIqrZBSJs1OE5euosTzQhd:KbEuQrCs71qIqrqJsMEHoD

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (2856) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\e91f53082660da21129571ddbecd253f41facfe51709cb74b2b6b85d604caf54N.exe
    "C:\Users\Admin\AppData\Local\Temp\e91f53082660da21129571ddbecd253f41facfe51709cb74b2b6b85d604caf54N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp
    Filesize

    185KB

    MD5

    31a1cee4b069f7f160180f001fe54a6d

    SHA1

    d1c6bd4aa8a1c10f8747fc0d88571b223c0db69a

    SHA256

    8e43aa7b879fb5d396cac0af34f5173ba43e18bae70a53e36d7084b06033e2de

    SHA512

    68069a47839008795a0a168963169667acb35021cf564e3273d7021a595ce776c70def1d98ee6c5a738d1d1a0ea19b4d737138c67f6821ae8b9c30a76b2327be

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    194KB

    MD5

    bf4cb3469e5196bf8bcdeed6f243d4af

    SHA1

    d1884d1c3793fa66bfd60e12511620f31fd68c53

    SHA256

    55ca4d1d232a793012bcd401a29fe5cf254386cd34cdaa83910671d4fb57231f

    SHA512

    9fb05e0e2d7f71a2f4966f3b41ca0fbe82fef2ff8b578006b029d178d1f4016cda619291013bf6041d5c75a00b9aa77afb4154c14f4634f76cbefcbb20224434

    Download Submit

  • memory/1580-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1580-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download