Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/09/2024, 06:00

General

  • Target

    bd2b4664fd98e21574d09f427d1b86db67d6f566c8c9098340eb660d01c35bd1N.exe

  • Size

    58KB

  • MD5

    251665e54886185bbd9bed5b643d0cd0

  • SHA1

    702043f1221c44d4a61a9d1991a4ff413fa29322

  • SHA256

    bd2b4664fd98e21574d09f427d1b86db67d6f566c8c9098340eb660d01c35bd1

  • SHA512

    215e73911580545b85629c31e46fdf6f5e7f269b570c11bb27d7109ca584d08e7f4de9cf3867bf95815fccf536cf050c8a7dc26eab5e9d90bff697f244f88803

  • SSDEEP

    768:a7BlpyqaFAK65euBT37CPKKDm7EJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9AD/:a7ZyqaFAxTWbJJZENTNyoKIKM/

Malware Config

Signatures

  • Renames multiple (5192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd2b4664fd98e21574d09f427d1b86db67d6f566c8c9098340eb660d01c35bd1N.exe
    "C:\Users\Admin\AppData\Local\Temp\bd2b4664fd98e21574d09f427d1b86db67d6f566c8c9098340eb660d01c35bd1N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

    Filesize

    59KB

    MD5

    29749903fd76ac950c9554e3e10001f6

    SHA1

    1dde6a57f80c3e7c665383b59baeb6bfcd6d4cf0

    SHA256

    9655012681f5c987367f2c6bcf36a673f15d6d496d06a4cb836da3000ed0269e

    SHA512

    edd4570739312420c6ecac748441171346505182e994f5ed45a216ccaa5a6eb085a08c8faf84cd35fa34bcb1ac7d4446586e6665e44725647159e8465d642c85

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    157KB

    MD5

    3259fe097d564e462048072188ac470c

    SHA1

    5a7ae69c1e8b30e6dceb2af816ede47b7ab30741

    SHA256

    ddc0692fed0eed147f51dc810166dd610070d328fc8cb01c756643177ab63728

    SHA512

    7144bf3313995897e1eaf693eadcec95a0ad5f7e5ea6661a9e4f63eddbaa1002670c5358a7d94e220d539271db38611c51824b2945dc5c27bc7950b3eaadd854

  • memory/4016-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4016-952-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB