
Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/09/2024, 22:05

General

  • Target

    d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8N.exe

  • Size

    37KB

  • MD5

    efe40048dba28af6fec0a3266ca37590

  • SHA1

    9c905864462ccb73444b5ab2d20c5d6c68f6dcf3

  • SHA256

    d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8

  • SHA512

    2db0601af81949636e259b601f9da11bc025a6687d42ce0a31fc6c6d7790c843cd1ca676b5fd69b7ab80e463215bdd4f3f07c4a472e6d849ec6a3cc939f3a9b7

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltWqAhJ1qAhJE:W7ZhA7pApM21LOA1LOl6Ar

Score
9/10

Malware Config

Signatures

  • Renames multiple (4652) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
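
The three signatures above are behavioural heuristics, not file-hash matches. As an added illustration (not tria.ge's signature engine), the script below re-derives them from a constructed, sandbox-style event log: a rename counts as "added filename extension" only when the new name is the old name plus one more suffix in the same directory, drops are creates under either Program Files root, and language discovery is keyed on a handful of Win32 locale APIs. The event format, the API trigger list and the threshold are all assumptions; the log lines themselves are made up, reusing only the two PIDs and the 7-zip.chm.tmp name from the report.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed sandbox-style event log (NOT taken from the report): one event per
# line, "<pid> <kind> <details>", where rename details are "<old> -> <new>".
# Only the PIDs and the 7-zip.chm.tmp name mirror the report; the rest is invented.
SAMPLE_EVENTS = r"""
2088 api GetUserDefaultUILanguage
2088 api GetLocaleInfoW
2088 rename C:\Users\Admin\Documents\budget.xlsx -> C:\Users\Admin\Documents\budget.xlsx.tmp
2088 rename C:\Users\Admin\Pictures\cat.jpg -> C:\Users\Admin\Pictures\cat.jpg.tmp
2088 rename C:\Program Files\7-Zip\7-zip.chm -> C:\Program Files\7-Zip\7-zip.chm.tmp
2088 create C:\Program Files\7-Zip\7-zip.chm.tmp
2088 create C:\Program Files (x86)\Microsoft\Edge\Application\notes.txt.tmp
2088 rename C:\Users\Admin\Desktop\todo.txt -> C:\Users\Admin\Desktop\todo.txt.tmp
3972 rename C:\Users\Admin\AppData\Local\Temp\cache.bin -> C:\Users\Admin\AppData\Local\Temp\cache.old
3972 create C:\Users\Admin\AppData\Local\Temp\scratch.dat
"""

PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")
# Assumed trigger list for "System Language Discovery" (ATT&CK T1614.001).
LANGUAGE_APIS = {"getuserdefaultuilanguage", "getsystemdefaultuilanguage",
                 "getuserdefaultlangid", "getsystemdefaultlangid", "getlocaleinfow"}


def parse_events(text):
    """Parse the log into (pid, kind, details) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            pid, kind, details = line.split(" ", 2)
            events.append((int(pid), kind, details))
    return events


def added_extension(old, new):
    """Return the suffix appended to `old` when `new` is `old` plus one more
    extension (e.g. ".tmp") in the same directory; otherwise None."""
    if new.lower().startswith(old.lower() + "."):
        suffix = new[len(old):]
        if "\\" not in suffix:          # a path separator would mean a move, not a rename
            return suffix
    return None


def derive_signatures(events, rename_threshold=3):
    """Aggregate events per PID and emit report-style signature dicts.
    The real tool's threshold is unknown; 3 is chosen to fit the sample log."""
    renames = defaultdict(Counter)   # pid -> Counter of appended extensions
    drops = defaultdict(set)         # pid -> paths created under Program Files
    lang_apis = defaultdict(set)     # pid -> language-discovery APIs called
    for pid, kind, details in events:
        if kind == "rename" and " -> " in details:
            old, new = details.split(" -> ", 1)
            ext = added_extension(old, new)
            if ext:
                renames[pid][ext] += 1
        elif kind == "create" and details.lower().startswith(PROGRAM_FILES):
            drops[pid].add(details)
        elif kind == "api" and details.lower() in LANGUAGE_APIS:
            lang_apis[pid].add(details)

    signatures = []
    for pid in sorted(set(renames) | set(drops) | set(lang_apis)):
        total = sum(renames[pid].values())
        if total >= rename_threshold:
            ext, _ = renames[pid].most_common(1)[0]
            signatures.append({"pid": pid, "extension": ext,
                               "name": f"Renames multiple ({total}) files with added filename extension"})
        if drops[pid]:
            signatures.append({"pid": pid, "iocs": len(drops[pid]),
                               "name": "Drops file in Program Files directory"})
        if lang_apis[pid]:
            signatures.append({"pid": pid, "technique": "T1614.001",
                               "apis": sorted(lang_apis[pid]),
                               "name": "System Location Discovery: System Language Discovery"})
    return signatures


if __name__ == "__main__":
    for sig in derive_signatures(parse_events(SAMPLE_EVENTS)):
        print(sig)
```

Note that PID 3972 (the msedge.exe utility process in the report) produces no signatures here: its rename replaces the extension rather than appending one, and its create lands in the user's Temp directory rather than Program Files, which is the distinction the first two signatures rely on.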

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8N.exe
    "C:\Users\Admin\AppData\Local\Temp\d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2088
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
    1⤵
      PID:3972

Network

MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      37KB

      MD5

      6b4321d841961b139874d12813e10338

      SHA1

      6e3bcc20e18c539b8c557b3dd61a035abb17cbe4

      SHA256

      590b379119dc2cb1a124d39b3d3995a6e5cca3575fb30a7e98e9d4598086c534

      SHA512

      d4ff6cfdd6b43e7205db31c3ca744063046638817dee44c325c3d3c6d41d2e5e7cfa70b00bcab355a1140a20b9c9ea3e29734c98e2c2162e425f4f72881ec04a

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      150KB

      MD5

      bb5c138fca5e86bb3bc0767554891fe0

      SHA1

      b8d8617f38f31fe55bb863ed5f01932a0458bf13

      SHA256

      420309ae601e97ffdc3fa7f399f0e5329ae62b22e42f80baa864ba6664dc158a

      SHA512

      9fd74d0d427e9641ee130255ff085f2a1871685faebb2d1150981a2941d996bf37c09d2c8d546eefbbc198cb403cb1597f283d07d442655fd1dfadfd7c5e779f
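
To use the hashes on this page on another host, an added example (not tria.ge's code, and not a tool the page describes) that hashes in-memory candidates under each algorithm the report lists and looks them up against the report's IoC table. The MD5/SHA1/SHA256 values are copied from the General and Downloads sections above; the candidate files and the `constructed-abc` entry used in testing are made up. One caveat worth building in: the two dropped-file hashes are specific to this run, because a `.tmp` file's content derives from whatever file the sample renamed on the sandbox VM, so the portable indicators are the sample's own hashes and the appended-extension naming pattern, which the matcher reports separately.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hash IoCs copied from the report (sample binary plus the two dropped files).
REPORT_IOCS = {
    "d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8N.exe": {
        "md5": "efe40048dba28af6fec0a3266ca37590",
        "sha1": "9c905864462ccb73444b5ab2d20c5d6c68f6dcf3",
        "sha256": "d4c9a90fd48f71887318ce00b289f0929c4cf24231f215ce03987079550abac8",
    },
    r"C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp": {
        "md5": "6b4321d841961b139874d12813e10338",
        "sha1": "6e3bcc20e18c539b8c557b3dd61a035abb17cbe4",
        "sha256": "590b379119dc2cb1a124d39b3d3995a6e5cca3575fb30a7e98e9d4598086c534",
    },
    r"C:\Program Files\7-Zip\7-zip.chm.tmp": {
        "md5": "bb5c138fca5e86bb3bc0767554891fe0",
        "sha1": "b8d8617f38f31fe55bb863ed5f01932a0458bf13",
        "sha256": "420309ae601e97ffdc3fa7f399f0e5329ae62b22e42f80baa864ba6664dc158a",
    },
}


def digests(data):
    """Hex digests of `data` under each algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def build_index(iocs):
    """Invert {label: {algo: hex}} into {(algo, hex): label} for direct lookup."""
    return {(algo, value.lower()): label
            for label, hashes in iocs.items()
            for algo, value in hashes.items()}


def match_iocs(candidates, iocs, name_suffix=".tmp"):
    """Check in-memory files ({name: bytes}) against the IoC table.

    Returns (hash_hits, name_hits): hash_hits are (candidate, algo, ioc_label)
    tuples for exact content matches; name_hits are candidates whose content
    matched nothing but whose name carries the appended-extension pattern."""
    index = build_index(iocs)
    hash_hits, name_hits = [], []
    for name, data in candidates.items():
        hits = [(name, algo, index[(algo, h)])
                for algo, h in digests(data).items() if (algo, h) in index]
        if hits:
            hash_hits.extend(hits)
        elif name.lower().endswith(name_suffix.lower()):
            name_hits.append(name)
    return hash_hits, name_hits


if __name__ == "__main__":
    # Constructed candidates; neither is a real artefact from the run.
    sample = {"budget.xlsx.tmp": b"not the real dropped file", "notes.txt": b"plain"}
    print(match_iocs(sample, REPORT_IOCS))
```

A name-only hit is a lead, not a verdict: any program may leave `.tmp` files behind, so on a live host it should be followed up by checking the owning process and whether the original file without the suffix still exists.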