Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 03:53

General

  • Target

    fa07f8a8d6fca285a328fdfe09c2cd09908d0333e5365c8143dfd5ee5c776634.exe

  • Size

    76KB

  • MD5

    a217184e32bc2be542231eaf972c5976

  • SHA1

    527edbda97bd0b92227238a99c2f7033f483032e

  • SHA256

    fa07f8a8d6fca285a328fdfe09c2cd09908d0333e5365c8143dfd5ee5c776634

  • SHA512

    e9cd4ce0cf923e96bd2da0214bfa71bd82e852894674db447c19a4e88aa4e49fdb450da30cbafeef9bcfd27d896d52e8dc15662f0e0d6c25245a283def5d3253

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8wYeHNm5EvDxfIyKoIWbsHfySkT5GeCyi348oWGh:KQSodYeHNmkDxfIyKoIWbsHfySkT5Geb

Malware Config

Signatures

  • Renames multiple (5046) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa07f8a8d6fca285a328fdfe09c2cd09908d0333e5365c8143dfd5ee5c776634.exe
    "C:\Users\Admin\AppData\Local\Temp\fa07f8a8d6fca285a328fdfe09c2cd09908d0333e5365c8143dfd5ee5c776634.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

    Filesize

    76KB

    MD5

    655fbbee9e8c947f922c1baa7695049c

    SHA1

    c815ed4b1abb3c6afa737a405a0ff14d57148f33

    SHA256

    e492049d22adf3ad5fa3c89d5c4ad6dfe1a3126b41698ac96ee2b9c30b77fd4c

    SHA512

    970be18b53bcb233b7c19b2605975a1457423da4035631063e18be9664740bfae6506836e4d26b99da4527f5c4d80a375d05aacbf42568db8804089484f83adc

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    175KB

    MD5

    40496e79cc1e91162dde857a70667405

    SHA1

    fc6caf5a104bcba4dba6493aba975e38329205b8

    SHA256

    126b89864d18fc5164e61e7ea8e0d988733100fe3a9240ffc775282ab72f3c83

    SHA512

    2fc908451f2606ef810bea3352c8c4007488962a5f46b9bb2256e31b3382a326e4bb0b779f7013bd5964f15456ec1f5440dea1260066e5f165451987bd2eeba1

  • memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2980-909-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB