Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/09/2024, 13:00

General

  • Target

    d73411afb9e5959aa4acbea79ee5a40ec9bd12edd281a470c372c61c5ea3a43bN.exe

  • Size

    46KB

  • MD5

    77d89889a6a13001c86805ea282d97e0

  • SHA1

    e6b81aa49f5aa9de5fee204764fd01e433751e84

  • SHA256

    d73411afb9e5959aa4acbea79ee5a40ec9bd12edd281a470c372c61c5ea3a43b

  • SHA512

    e1e2a03dd4f8131cf4356c1f8d4504015ddc829eb28c389722109d855988a78c96e8957e9fc85bdee5524a55ec0c18b0f048e97e9134073f7b9c16e0ca55e3c2

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9F:V7Zf/FAxTWoJJ7Tv

Malware Config

Signatures

  • Renames multiple (4620) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d73411afb9e5959aa4acbea79ee5a40ec9bd12edd281a470c372c61c5ea3a43bN.exe
    "C:\Users\Admin\AppData\Local\Temp\d73411afb9e5959aa4acbea79ee5a40ec9bd12edd281a470c372c61c5ea3a43bN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4496
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4508,i,16315016104747277319,5510969007830467313,262144 --variations-seed-version --mojo-platform-channel-handle=1904 /prefetch:8
    1⤵
      PID:3688

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      47KB

      MD5

      eb0c5b05a0d60e8af11b72cdd1fd2058

      SHA1

      c3908705398a4e222bb7aebec2193e13b65f8a86

      SHA256

      cb4df3435f7188e35702d47fe352de411b2bebdb0fb47ecf7ea90ce58487db07

      SHA512

      e77863fe27b2d62318248cf84de6c286f7c35409454c0fc6615c536f4c790d61e7dc4f1a35350b231868fa7ca430e42c8aac55f2c9c51c6e5ce20e76e7ece40c

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      159KB

      MD5

      248aa21c3ce8f39aab95d570eb3406cb

      SHA1

      b2701b787c09ee526f996b93da49a373e3725bc1

      SHA256

      d62576002443944227fd18bc631ba6068722cef064093cd4a4a30416bac3c344

      SHA512

      428e12c3397de07680cbca84b2559ba8c2e1ed41e0adeb3ee1a3e5fdcb20e56a13ebc2781e01dec0582f32e8b0197bfea38b4a4ce8318dd42fd45d04b6be1bd1

    • memory/4496-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/4496-900-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB