Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/09/2024, 20:35 UTC

General

  • Target

    3a3fa327cea6d8437f82598e2691dbd323ad6bf0efd4c6ae518269029c756e01.exe

  • Size

    36KB

  • MD5

    d465741fdd1c00c9de0f593847df5803

  • SHA1

    e10d6f4a0a3561f7dbed688a2199e0552bfeab32

  • SHA256

    3a3fa327cea6d8437f82598e2691dbd323ad6bf0efd4c6ae518269029c756e01

  • SHA512

    2a47ad01c7af6fabe67db8d361eaf6499d1a6efa72f5313c6775ab974039dc1cb330dc8c2c00c102eb42ac5d5f80ba7f4250209441d4eaf678afb4bdcfc4afc8

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBApwp133EskmKsN33EskmKsKbP8/8g:CTW7JJZENTBAOIfmKJfmKs

Malware Config

Signatures

  • Renames multiple (3790) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each one.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified build of it.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host (ATT&CK T1614.001).
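
The "renames multiple files with added filename extension" heuristic above is easy to reproduce outside the sandbox. The following is an added example, not Triage's own signature code: it groups file-rename events by process, keeps only renames where the new name is the old name plus one extra extension in the same directory, and flags a process once that count reaches a threshold. The events and the threshold of 3 are constructed for this example; the report does not state the real signature's cut-off.

```python
"""Added example: simplified 'mass rename with added extension' detector.
Runs over constructed rename events of the kind a sandbox or EDR records."""
import ntpath
from collections import Counter

# Constructed sample events (pid, old_path, new_path); not taken from the report.
SAMPLE_EVENTS = [
    (2120, r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (2120, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (2120, r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.locked"),
    # Benign: a .tmp file being moved into place loses an extension, it does not gain one.
    (2120, r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini"),
    # Ordinary rename by another process: different base name, no extension appended.
    (4040, r"C:\Users\Admin\draft.docx", r"C:\Users\Admin\report.docx"),
    # A single backup-style rename: matches the pattern but stays below the threshold.
    (4040, r"C:\Users\Admin\a.log", r"C:\Users\Admin\a.log.bak"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to the file name if new_path is exactly
    old_path plus one extra '.ext' in the same directory, otherwise None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                     # moved elsewhere, not an in-place rename
    if not new_name.lower().startswith(old_name.lower()):
        return None                     # base name changed or shrank
    suffix = new_name[len(old_name):]
    # Exactly one added extension: starts with '.', non-empty, no further dots.
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:]:
        return None
    return suffix


def flag_mass_renames(events, threshold=3):
    """Count qualifying renames per process and mark those at or above threshold.
    threshold=3 is an assumption for this example."""
    per_pid = {}
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is None:
            continue
        entry = per_pid.setdefault(pid, {"count": 0, "extensions": Counter()})
        entry["count"] += 1
        entry["extensions"][ext] += 1
    for entry in per_pid.values():
        entry["flagged"] = entry["count"] >= threshold
    return per_pid


if __name__ == "__main__":
    for pid, entry in flag_mass_renames(SAMPLE_EVENTS).items():
        status = "FLAGGED" if entry["flagged"] else "ok"
        print(f"pid {pid}: {entry['count']} renames with added extension "
              f"{dict(entry['extensions'])} -> {status}")
```

Reporting the set of appended extensions alongside the count is worth keeping: a single dominant extension across thousands of files is the ransomware pattern, whereas a spread of `.bak`, `.old` and similar suffixes from one process usually points at a backup or build tool.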

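The "UPX packed file" signature above is typically a check of the PE section table and a magic string. The following is an added example, not the sandbox's own detection logic: it walks the PE section headers, reports any section named UPX0/UPX1/UPX2, and separately checks for the "UPX!" packheader magic, since a modified UPX build commonly renames the sections while leaving the magic in place (or the reverse). The PE skeletons it runs on are constructed in memory for the example and are not the report's sample.

```python
"""Added example: minimal PE section-table walk to spot UPX packing indicators."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Return the section names of a PE image as bytes; raise ValueError if the
    buffer is not a PE file or the section table is truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)   # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)      # SizeOfOptionalHeader
    sect_off = pe_off + 24 + opt_size                            # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = sect_off + i * 40                                  # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data):
    """Collect the two independent UPX indicators for a PE buffer."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n.decode("ascii", "replace") for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data):
    """True if either indicator fires. Neither alone is conclusive: modified
    packers rename sections, and a benign file can embed the string."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_fake_pe(section_names, extra=b""):
    """Construct a minimal, non-runnable PE skeleton with the given section names
    (constructed test input for this example; SizeOfOptionalHeader is 0)."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections + extra


if __name__ == "__main__":
    for label, blob in [
        ("stock UPX layout", build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])),
        ("plain build", build_fake_pe([b".text", b".data"])),
        ("renamed sections, magic kept", build_fake_pe([b".text", b".data"], extra=b"\0UPX!\0")),
    ]:
        print(f"{label}: {upx_indicators(blob)} -> packed={looks_upx_packed(blob)}")
```

On a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; treating the two indicators as separate fields, as the function does, keeps a section-name-only or magic-only hit visible to the analyst instead of collapsing it into a single yes/no.
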
Processes

  • C:\Users\Admin\AppData\Local\Temp\3a3fa327cea6d8437f82598e2691dbd323ad6bf0efd4c6ae518269029c756e01.exe
    "C:\Users\Admin\AppData\Local\Temp\3a3fa327cea6d8437f82598e2691dbd323ad6bf0efd4c6ae518269029c756e01.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    37KB

    MD5

    a65e1b99778aa37d3c00c42a55bf31dc

    SHA1

    7d1373243a9aeab600d08ce97d0aea59cb5dc0c4

    SHA256

    d5c63d4aa15a3430e11ef47c0d183a896c7023f95ae0f0f8c0c3e5725001c07f

    SHA512

    5dac82ae770d4a2e6f9bff87eefd61ce31bf665d85b3e51ab539d6b8b2fa68f9022cfbbf0980237de5f00fcaedbfa186d41463be7d5f7c04adc8d70d0811d063

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    46KB

    MD5

    edf51af62f6e515d40b307cf2ffd9af5

    SHA1

    46c292a279794b9bb902253b33dd62ec96f167bf

    SHA256

    64964609d02463eab0f4b79373375674eba3e59016f7afca9a46428b9e73741d

    SHA512

    093653b78ccda16881d972b87ab7d3ff8e71a072d01930ff3a58bcd016aaf70940e7e4c7523bd5d151398fa409cb8aeb3e269194d785fc6460044e265613bb22

  • memory/2120-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2120-72-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB